flower01840 发表于 2018-3-31 14:46:15

icinga2 - The certificate for CN 'icinga2client' cannot be renewed yet

环境:icinga2版本 2.8.2-1
做了master和client
master: icinga2master
client: icinga2client

/etc/icinga2/zones.conf下定义了endpoint和zone
object Endpoint "icinga2master.example.com" {
host = "192.168.217.230"
}
object Endpoint "icinga2client.example.com" {
host = "192.168.217.229"
}
object Zone "master" {
      endpoints= [ "icinga2master.example.com" ]
}

object Zone "client" {
endpoints = [ "icinga2client.example.com" ]
parent = "master"
}

#icinga2 node wizard 分别定义了master和client, ca也sign了
# icinga2 ca list
Fingerprint                                                      | Timestamp                | Signed | Subject
-----------------------------------------------------------------|--------------------------|--------|--------
923765464895808820fb04099c1b136d1246c20b6d41a437617789f5f00c21a7 | Mar 29 11:44:20 2018 GMT | *      | CN = icinga2client.example.com


但是查看日志时出现The certificate for CN 'icinga2client' cannot be renewed yet错误
cat /var/log/icinga2/icinga2.log | grep icinga2clent
information/ApiListener: New client connection for identity 'icinga2client.example.com' from :45154
information/ApiListener: Sending config updates for endpoint 'icinga2client.example.com' in zone 'client'.
information/ApiListener: Finished sending config file updates for endpoint 'icinga2client.example.com' in zone 'client'.
information/ApiListener: Syncing runtime objects to endpoint 'icinga2client.example.com'.
information/ApiListener: Finished syncing runtime objects to endpoint 'icinga2client.example.com'.
information/ApiListener: Finished sending runtime config updates for endpoint 'icinga2client.example.com' in zone 'client'.
information/ApiListener: Sending replay log for endpoint 'icinga2client.example.com' in zone 'client'.
information/ApiListener: Finished sending replay log for endpoint 'icinga2client.example.com' in zone 'client'.
information/ApiListener: Finished syncing endpoint 'icinga2client.example.com' in zone 'client'.
information/JsonRpcConnection: Received certificate request for CN 'icinga2client.example.com' signed by our CA.
information/JsonRpcConnection: The certificate for CN 'icinga2client.example.com' cannot be renewed yet.


能否帮忙指点一下,谢谢


页: [1]
查看完整版本: icinga2 - The certificate for CN 'icinga2client' cannot be renewed yet