TLS handshake fails

Symptoms

agent: x509: certificate signed by unknown authority

Causes

  1. The CA is not trusted — the agent does not know our CA bundle
  2. System time skew — the cert is valid from X to Y, but the agent's clock is out of range
  3. SNI mismatch — the cert was issued for one.example.com, the agent connects to another.example.com

Fixes

  1. unimoni-agent --ca-bundle /etc/ssl/unimoni-ca.crt
  2. sudo systemctl restart systemd-timesyncd, then check timedatectl status
  3. Use the hostname from the cert SAN (openssl s_client -connect host:8443 </dev/null | openssl x509 -noout -text)
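
To tell which of the three causes applies before trying a fix, the check below classifies the certificate verification failure. It is an added example, not code from this page or from unimoni-agent; it assumes the agent relies on Go's crypto/x509 (the symptom matches that library's wording), and Issue, Diagnose and the example.test names are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Issue makes a constructed test cert for cn; a nil parent yields a self-signed CA.
func Issue(cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // errors ignored: fixture code only
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: parent == nil, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if parent == nil {
		parent, pk = t, key // self-signed: the template is its own issuer
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Diagnose names which listed cause applies; Verify reports only the first failure it hits.
func Diagnose(leaf *x509.Certificate, roots *x509.CertPool, host string, now time.Time) string {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: now})
	switch e := err.(type) {
	case nil:
		return "ok"
	case x509.UnknownAuthorityError: // issuer is not in the trusted bundle
		return "cause 1: CA not trusted"
	case x509.HostnameError: // requested name is absent from the SAN list
		return "cause 3: hostname not in SAN"
	case x509.CertificateInvalidError:
		if e.Reason == x509.Expired { // Go uses Expired for not-yet-valid too
			return "cause 2: clock outside validity"
		}
	}
	return "other: " + err.Error()
}

func main() { // demo: an empty trust pool reproduces cause 1
	ca, caKey := Issue("ca.example.test", nil, nil)
	leaf, _ := Issue("one.example.com", ca, caKey)
	println(Diagnose(leaf, x509.NewCertPool(), "one.example.com", time.Now()))
}
```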