Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ubuntu install - Expired certificate #623

Open
tishma opened this issue Jun 11, 2024 · 7 comments
Open

Ubuntu install - Expired certificate #623

tishma opened this issue Jun 11, 2024 · 7 comments

Comments

@tishma
Copy link

tishma commented Jun 11, 2024

Following the Debian-based distro agent installation, got this:

$ sudo apt-get update
Ign:1 https://assets.logdna.com stable InRelease
Err:2 https://assets.logdna.com stable Release        
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. 
****

Tried updating certificates - no luck.
@jakedipity
Copy link
Contributor

@tishma What version of Debian are you running? This might possibly be related to apt-key being removed in Debian 12. Does the following work?

echo "deb [arch=amd64 signed-by=/usr/share/keyrings/logdna.gpg] https://repo.logdna.com stable main" | sudo tee /etc/apt/sources.list.d/logdna.list
sudo apt-get update
sudo apt-get install -y logdna-agent

@tishma
Copy link
Author

tishma commented Jun 12, 2024
edited
Loading

It's Ubuntu 20.04
I didn't have logdna.gpg at /usr/share/keyrings/logdna.gpg. I've used apt_key ansible task to add the key from https://assets.logdna.com/logdna.gpg, which should be equivalent to wget followed by apt-key add - cmd.
After downloading the key and placing it there - apt-get update is giving:

Get:1 https://repo.logdna.com stable InRelease [2336 B]
Err:1 https://repo.logdna.com stable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C1BF174AEF506BE8

@tishma
Copy link
Author

tishma commented Jun 12, 2024
edited
Loading

The meaningful diff appears to be using repo.logdna.com instead of assets.logdna.com suggested here: https://github.com/logdna/logdna-agent-v2/blob/master/docs/LINUX.md#installation-first-time-installations.

@tishma
Copy link
Author

tishma commented Jun 12, 2024

repo.logdna ended up installing legacy version 2.2 that didn't load my /etc/logdna.env.
I am out of ideas. Skipping verification until this is resolved.

@echoblag
Copy link

@tishma
Howdy, I was able to get the agent working on Ubuntu 22.04 using the following:

curl -fsSL https://repo.logdna.com/logdna.gpg | sudo gpg --dearmor -o /usr/share/keyrings/logdna.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/logdna.gpg] https://repo.logdna.com stable main" | sudo tee /etc/apt/sources.list.d/logdna.list

sudo apt-get update
sudo apt-get install -y logdna-agent

This resolved the unsigned repo error, which makes sense since we retrieve the certificate first before adding it to the keyring.

@tishma
Copy link
Author

tishma commented Jul 31, 2024

Thanks @echoblag

It's been a while, and what you did - looks like equivalent of my previous comment.

Which version was installed?

@echoblag
Copy link

echoblag commented Jul 31, 2024
edited
Loading

Thanks @echoblag

It's been a while, and what you did - looks like equivalent of my previous comment.

Which version was installed?

It looks like it's version 2.2.1, looks like that problem still remains.

Re-reading you previous comment, I see what you mean, I just needed to spell it out for myself using the full commands.

Regarding the env file no longer being referenced, I had to use:

sudo logdna-agent -k ${logdna_ingestion_key}
sudo logdna-agent -t tag,tag

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tishma @jakedipity @echoblag