HomepageBlog

Troubleshooting

Failed to verify certificate: x509

Your issue arises from a mismatch between the 'hostname' specified in the frontend and the one defined in the SSL certificate.

Example:

  • Nodeum Hostname: example-nodeum1

  • Certificate Hostname: example-nodeum1.domain.com

This can be observed in the two following services: scheduler and mount_point_scanning services.

Example of the output of the mount_point_scanning which help to confirm the issue to verify the certificate:

nodeum_mount_point_scanning.service - "Service for Nodeum MountPoint Scanning"
   Loaded: loaded (/etc/systemd/system/nodeum_mount_point_scanning.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2025-12-05 08:34:48 UTC; 3min 41s ago
 Main PID: 2297047 (mount_point_sca)
    Tasks: 13 (limit: 203232)
   Memory: 41.3M
   CGroup: /system.slice/nodeum_mount_point_scanning.service
           └─2297047 /opt/nodeum/bin/mount_point_scanning -l 0.0.0.0:8082 -n https://example-nodeum1:443

Dec 05 08:36:18 example-nodeum1 mount_point_scanning[2297047]: 2025/12/05 08:36:18 Syncing primary storage
Dec 05 08:36:18 example-nodeum1 mount_point_scanning[2297047]: 2025/12/05 08:36:18 Could not fetch mount points, retrying in 30s: Get "https://example1-nodeum1:443/api/v2/pools?type=primary": tls: failed to verify certificate: x509: certificate is valid for example-nodeum1.domain.com, localhost, not example1-nodeum1
Dec 05 08:36:48 example-nodeum1 mount_point_scanning[2297047]: 2025/12/05 08:36:48 Syncing primary storage
Dec 05 08:36:48 example-nodeum1 mount_point_scanning[2297047]: 2025/12/05 08:36:48 Could not fetch mount points, retrying in 30s: Get "https://example1-nodeum1:443/api/v2/pools?type=primary": tls: failed to verify certificate: x509: certificate is valid for example-nodeum1.domain.com, localhost, not example1-nodeum1
Dec 05 08:37:18 example-nodeum1 mount_point_scanning[2297047]: 2025/12/05 08:37:18 Syncing primary storage
Dec 05 08:37:18 example-nodeum1 mount_point_scanning[2297047]: 2025/12/05 08:37:18 Could not fetch mount points, retrying in 30s: Get "https://example1-nodeum1:443/api/v2/pools?type=primary": tls: failed to verify certificate: x509: certificate is valid for example-nodeum1.domain.com, localhost, not example1-nodeum1
Dec 05 08:37:48 example-nodeum1 mount_point_scanning[2297047]: 2025/12/05 08:37:48 Syncing primary storage
Dec 05 08:37:48 example-nodeum1 mount_point_scanning[2297047]: 2025/12/05 08:37:48 Could not fetch mount points, retrying in 30s: Get "https://example1-nodeum1:443/api/v2/pools?type=primary": tls: failed to verify certificate: x509: certificate is valid for example-nodeum1.domain.com, localhost, not example1-nodeum1
Dec 05 08:38:18 example-nodeum1 mount_point_scanning[2297047]: 2025/12/05 08:38:18 Syncing primary storage
Dec 05 08:38:18 example-nodeum1 mount_point_scanning[2297047]: 2025/12/05 08:38:18 Could not fetch mount points, retrying in 30s: Get "https://example1-nodeum1:443/api/v2/pools?type=primary": tls: failed to verify certificate: x509: certificate is valid for example-nodeum1.domain.com, localhost, not example1-nodeum1

There are two ways to resolve this:

  1. Change the certificate hostname to example-nodeum1 in creating a new certificate with the appropriate name.

  2. Updating Nodeum Hostname

    To change the Nodeum hostname to example-nodeum1.domain.com, follow these steps:

    1. Modify Nodeum Inventory:

      • Open the file ~/nodeum-version/inventory/host_vars/srv1.

      • Locate and update the line to:

        web_server_name: example-nodeum1.domain.com

    2. Reconfigure Nodeum:

      • Run the Ansible playbook to apply the changes.

    3. Verification:

      • Check the configuration using:

        cat /etc/nodeum_env | grep NODEUM_RAILS

      • Confirm the output shows:

        NODEUM_RAILS=https://example-nodeum1.domain.com:443

    4. Service Check:

      • Ensure services are running with the following commands:

        systemctl status nodeum_mount_point_scanning
systemctl status nodeum_scheduler

    Follow these steps to update the Nodeum hostname and ensure all services function correctly.

Example output of the mount_point_scanning process, which successfully verifies the certificate:

nodeum_mount_point_scanning.service - "Service for Nodeum MountPoint Scanning"
   Loaded: loaded (/etc/systemd/system/nodeum_mount_point_scanning.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2025-12-05 09:04:21 UTC; 1min 8s ago
 Main PID: 2385882 (mount_point_sca)
    Tasks: 13 (limit: 203232)
   Memory: 40.0M
   CGroup: /system.slice/nodeum_mount_point_scanning.service
           └─2385882 /opt/nodeum/bin/mount_point_scanning -l 0.0.0.0:8082 -n https://example-nodeum1.domain.com:443

Dec 05 09:04:21 example-nodeum1 systemd[1]: Started "Service for Nodeum MountPoint Scanning".
Dec 05 09:04:21 example-nodeum1 mount_point_scanning[2385882]: 2025/12/05 09:04:21 Starting Nodeum MS Mount Point (version v1.100.2)
Dec 05 09:04:21 example-nodeum1 mount_point_scanning[2385882]: 2025/12/05 09:04:21 Syncing primary storage
Dec 05 09:04:21 example-nodeum1 mount_point_scanning[2385882]: 2025/12/05 09:04:21 Mount detected on /mnt/Pool/14/DataSet/NAS01
Dec 05 09:04:21 example-nodeum1 mount_point_scanning[2385882]: 2025/12/05 09:04:21 Mount detected on /mnt/FUSE
Dec 05 09:04:21 example-nodeum1 mount_point_scanning[2385882]: 2025/12/05 09:04:21 Found 1 primary pool(s)

Last updated

Was this helpful?