Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Install: Certificate verification failed: The certificate is NOT trusted. #5656

Closed
GeniusWiki opened this issue May 30, 2020 · 5 comments
Closed

Install: Certificate verification failed: The certificate is NOT trusted. #5656

GeniusWiki opened this issue May 30, 2020 · 5 comments

Comments

@GeniusWiki
Copy link

Today I going to install datadog agent 7 in 4 servers. First 2 is OK, then got this error on third server and installation failed. Go back first 2 servers, got same error when running apt update.

Output of the info page (if this is a bug)
Err:7 https://apt.datadoghq.com stable Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 99.84.191.108 443]
Reading package lists... Done
E: The repository 'https://apt.datadoghq.com stable Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
(Paste the output of the info page here)


**Additional environment details (Operating System, Cloud provider, etc):**
ubuntu 20.04
@ramirovarandas
Copy link

We are getting the same error, but for agent version 6 on Ubuntu 18.04

@andibing
Copy link

Me too! Glad you logged a ticket. I was going to earlier this morning, but thought something was amiss. Not had any luck to resolve, including re-running the installation (same error)

The error message across several different boxes - all Ubuntu 20.04 but x64 and Arm - is:

Err:23 https://apt.datadoghq.com stable Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 13.224.226.40 443]

Contents of /etc/apt/sources.list.d/datadog.list

deb https://apt.datadoghq.com/ stable 7

@gusy
Copy link

gusy commented May 30, 2020

Same thing over here, plus my machine is not being monitorized for last 5 hours

these are the outputs of sudo service datadog-agent status

May 30 15:07:14 labs dd.forwarder[2044]: WARNING (transaction.py:268): Transaction 105 in error (1 error), it will be replayed after 2020-05-30 15:07:34
May 30 15:07:15 labs dd.forwarder[2044]: WARNING (iostream.py:845): SSL Error on 10 ('52.0.188.242', 443): [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)
May 30 15:07:15 labs dd.forwarder[2044]: ERROR (ddagent.py:282): Response: HTTPResponse(_body=None,buffer=None,code=599,effective_url='https://5-32-6-app.agent.datadoghq.com/api/v1/check_run/?api_key=*************************51ca7',error=HTTPError('HTTP 599: [SSL: CERTI
May 30 15:07:15 labs dd.forwarder[2044]: WARNING (transaction.py:268): Transaction 101 in error (2 errors), it will be replayed after 2020-05-30 15:07:55
May 30 15:07:15 labs dd.forwarder[2044]: WARNING (iostream.py:845): SSL Error on 10 ('52.0.188.242', 443): [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)
May 30 15:07:15 labs dd.forwarder[2044]: ERROR (ddagent.py:282): Response: HTTPResponse(_body=None,buffer=None,code=599,effective_url='https://5-32-6-app.agent.datadoghq.com/api/v1/series/?api_key=*************************51ca7',error=HTTPError('HTTP 599: [SSL: CERTIFIC
May 30 15:07:15 labs dd.forwarder[2044]: WARNING (transaction.py:268): Transaction 100 in error (2 errors), it will be replayed after 2020-05-30 15:07:55
May 30 15:07:19 labs dd.forwarder[2044]: WARNING (iostream.py:845): SSL Error on 10 ('3.223.166.206', 443): [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)

this is the agent info

» sudo apt show datadog-agent                                                                                                                                                                                           127 ↵
Package: datadog-agent
Version: 1:5.32.6-1
Priority: extra
Section: utils
Maintainer: Datadog Packages <package@datadoghq.com>
Installed-Size: 343 MB
Conflicts: datadog-agent-base (<< 5.0.0)
Replaces: datadog-agent-base (<< 5.0.0), datadog-agent-lib (<< 5.0.0)
Homepage: http://www.datadoghq.com
License: Simplified BSD License
Vendor: Datadog <info@datadoghq.com>
Download-Size: 105 MB
APT-Manual-Installed: yes
APT-Sources: https://apt.datadoghq.com stable/main amd64 Packages
Description: Datadog Monitoring Agent
 The Datadog Monitoring Agent is a lightweight process that monitors system
 processes and services, and sends information back to your Datadog account.
 .
 This package installs and runs the advanced Agent daemon, which queues and
 forwards metrics from your applications as well as system services.
 .
 See http://www.datadoghq.com/ for more information

N: There are 107 additional records. Please use the '-a' switch to see them.

@truthbk
Copy link
Member

truthbk commented May 30, 2020
edited
Loading

Fixed here: DataDog/dd-agent#3882

We're trying to get this shipped ASAP.

Some workarounds provided in that link for those who cannot wait for 5.32.7.

@clamoriniere
Copy link
Contributor

Hi @GeniusWiki @ramirovarandas @andibing

The certificat issue has been solved for Agent v6-7. You should be able to run apt [install|update] command.

We are still working on fixing it for Agent v5: #5656 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@truthbk @clamoriniere @GeniusWiki @gusy @olivielpeau @andibing @ramirovarandas