You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, I've successfully migrated my MC instance from the system installed app to this docker version. I migrated also all the data, located in meshcentral-data folder (only updated some config params), Let's Encrypt cert from the old server, apache config etc, etc. All seemed to work as supposed till the time for a cert renewal had come. After that, all of my agents suddenly lost connection with the server. Or better to say, server ignores them because of some kind of certificate mismatch. I have been running MeshCentral for some time now, usually behind an Apache reverse proxy and I have never had any problems with certificate renewal, also MC author Ylianst describes in a lot of github threads and forums, that MeshCentral does count with this situation and until I modify or delete the main certificate (agentserver-cert), all the agent shall recognize the server and update its certificate according to it. It was working with the installed application directly on the server but not with this docker image. I temporarily run the app with the expired certificate but that's hassle since all the browsers are yelling at me, android do not work at all and I even can't add any new agents to the server because of it.... Is there something I overlooked? I tried also replacing certs (webserver-cert) in the mc-data folder manually with the new LetsEncrypt cert, but that did not work either. Also setting parameter "IgnoreAgentHashCheck" is doing nothing, the only thing which works for me is setting the old cert in the Apache reverse proxy back. Thanks for any tips.
MeshCentral HTTP server running on port 4430, alias port 443.
MeshCentral HTTP relay server running on wr1.mc.domain.com:4430, alias port 443.
Agent bad web cert hash (Agent:03f****804 != Server:966****4b5 or 966****4b5), holding connection (**.44.**.122:45430).
Agent reported web cert hash:03f**********36ab9a60f1825d4c98e219ace5104202bd2e64c45f5ec7cb1b0cb1f5efdb2de51c7745a6ad9cd8e0c4f.
Loaded web certificate from "https://mc.domain.com", host: "mc.domain.com"
SHA384 cert hash: 03f**********36ab9a60f1825d4c98e219ace5104202bd2e64c45f5ec7cb1b0cb1f5efdb2de51c7745a6ad9cd8e0c4f
WARNING: Unable to find mysqldump, MySQL/MariaDB database auto-backup will not be performed.
MeshCentral HTTP redirection server running on port 81.
MeshCentral v1.1.24, Hybrid (LAN + WAN) mode, Production mode.
MeshCentral Intel(R) AMT server running on mc.domain.com:4433.
Hello, I've successfully migrated my MC instance from the system installed app to this docker version. I migrated also all the data, located in meshcentral-data folder (only updated some config params), Let's Encrypt cert from the old server, apache config etc, etc. All seemed to work as supposed till the time for a cert renewal had come. After that, all of my agents suddenly lost connection with the server. Or better to say, server ignores them because of some kind of certificate mismatch. I have been running MeshCentral for some time now, usually behind an Apache reverse proxy and I have never had any problems with certificate renewal, also MC author Ylianst describes in a lot of github threads and forums, that MeshCentral does count with this situation and until I modify or delete the main certificate (agentserver-cert), all the agent shall recognize the server and update its certificate according to it. It was working with the installed application directly on the server but not with this docker image. I temporarily run the app with the expired certificate but that's hassle since all the browsers are yelling at me, android do not work at all and I even can't add any new agents to the server because of it.... Is there something I overlooked? I tried also replacing certs (webserver-cert) in the mc-data folder manually with the new LetsEncrypt cert, but that did not work either. Also setting parameter "IgnoreAgentHashCheck" is doing nothing, the only thing which works for me is setting the old cert in the Apache reverse proxy back. Thanks for any tips.
MeshCentral config (not all)
container config
Apache config
MC container log
MC Trace log (agent traffic)
The text was updated successfully, but these errors were encountered: