Reputation: 1090
I am trying to enable xpack in Elasticsearch and followed the getting started blog post from the Elasticsearch site.
Things I did:
I ran this command:
$ /usr/share/elasticsearch/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""
and entered /etc/elasticsearch/elastic-certificates.p12 when asked for the desired output file.
Edited the elasticsearch.yml config file located at /etc/elasticsearch/elasticsearch.yml and entered the following lines:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elastic-certificates.p12
Logs/exceptions from /var/log/elasticsearch/elasticsearch.log:
[2021-06-10T02:58:12,542][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [node-1] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to create trust manager]; nested: ElasticsearchException[failed to initialize SSL TrustManager - keystore file [/etc/elasticsearch/elastic-certificates.p12] does not exist]; nested: AccessDeniedException[/etc/elasticsearch/elastic-certificates.p12];
Caused by: org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl]
Caused by: java.nio.file.AccessDeniedException: /etc/elasticsearch/elastic-certificates.p12
Caused by: java.nio.file.AccessDeniedException: /etc/elasticsearch/elastic-certificates.p12
Caused by: java.nio.file.AccessDeniedException: /etc/elasticsearch/elastic-certificates.p12
The permissions for my .p12 cert file are rw-------
What am I missing here?
I followed the documentation line by line.
Upvotes: 2
Views: 11312
Reputation: 15703
I got this exact same error because I had some leftover files and, yes, lines in the elasticsearch.yml file for security that were left over from a previous run.
To rerun Elasticsearch (this worked for Elasticsearch for Windows 10, version 8.4.1) and eliminate this issue, go to the main Elasticsearch folder where it was installed, then:
.\bin\elasticsearch.bat
Upvotes: 0
Reputation: 1896
Your path in elasticsearch.yml is wrong.
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elastic-certificates.p12
If you placed the certificate in the /etc/elasticsearch folder, then correct it:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
Also make sure that the owner of the cert is root:elasticsearch:
sudo chown root:elasticsearch /etc/elasticsearch/elastic-c*
Upvotes: 2
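A diagnostic for the failure discussed in this thread, added here as an example and not taken from any of the posts or from Elastic tooling: it reads the keystore and truststore paths from elasticsearch.yml, resolves relative paths against the config directory, and checks that each file exists, belongs to the expected group and has the group-read bit set. The helper names are hypothetical, and it assumes flat, unquoted `key: value` settings and the `elasticsearch` group named in the answer above. A file left at rw------- fails the check even after a `chown root:elasticsearch`, because that mode grants the group no read access.

```shell
#!/bin/sh
# Added diagnostic sketch; helper names are hypothetical, not Elastic tooling.
# Assumes flat, unquoted "key: value" settings as shown in the posts above.

# Print the value of one flat setting from elasticsearch.yml.
yml_value() {  # $1 = yml file, $2 = setting name
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^$key:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Elasticsearch resolves relative keystore paths against its config directory.
resolve_path() {  # $1 = config dir, $2 = configured path
    case "$2" in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s/%s\n' "$1" "$2" ;;
    esac
}

# Succeed only if the file exists, has group $2 and the group-read bit set.
group_can_read() {  # $1 = file, $2 = group name
    [ -f "$1" ] || { echo "MISSING        $1"; return 1; }
    set -- "$1" "$2" $(ls -ld "$1")   # $3 = mode string, $5 = owner, $6 = group
    case "$3" in
        ????r*) ;;
        *) echo "NO GROUP READ  $1 ($3 $5:$6)"; return 1 ;;
    esac
    [ "$6" = "$2" ] || { echo "WRONG GROUP    $1 ($5:$6, want $2)"; return 1; }
    echo "OK             $1 ($3 $5:$6)"
}

# Check both stores named in <config dir>/elasticsearch.yml.
check_tls_stores() {  # $1 = config dir, $2 = group the service runs as
    rc=0
    for s in keystore truststore; do
        p=$(yml_value "$1/elasticsearch.yml" "xpack.security.transport.ssl.$s.path")
        [ -n "$p" ] || continue
        group_can_read "$(resolve_path "$1" "$p")" "$2" || rc=1
    done
    return $rc
}

# Usage: sh check.sh /etc/elasticsearch elasticsearch
if [ $# -eq 2 ]; then check_tls_stores "$1" "$2"; fi
```

Run it as root so the check reflects the file's mode and group and not the permissions of the invoking user; mode 640 with group `elasticsearch` passes.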