Wazuh Docker: Problems after upgrading 4.3.10 to 4.4.0

[Michael Reiner]

Hey.

I recently upgraded my Wazuh Docker setup from 4.3.10 to 4.4.0.

Now i get the following errors when i start with docker compose up:

wazuh-wazuh.indexer-1 | [2023-04-04T07:50:39,790][WARN ][o.o.h.AbstractHttpServerTransport] [wazuh.indexer] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/172.23.0.4:9200, remoteAddress=/172.23.0.3:42778}
wazuh-wazuh.indexer-1 | io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate



wazuh-wazuh.dashboard-1 | {"type":"log","@timestamp":"2023-04-04T07:52:32Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: unable to verify the first certificate"}
wazuh-wazuh.dashboard-1 | {"type":"log","@timestamp":"2023-04-04T07:52:35Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: unable to verify the first certificate"}

[Tomas Benitez Vescio]

Hi,
Thanks for using Wazuh!

It seems like there is an issue with SSL certificates after upgrading Wazuh. Some things you could try are:

• Verify that the SSL certificate is valid and trusted by checking its expiration date, etc
• Make sure that the SSL certificate is installed correctly in the container and that the container can access it
• Check the permissions of the SSL certificate file and make sure that it is readable by the user running the Docker container
• If you are using a self-signed certificate, you need to add it to the trusted certificates in the container or the host machine
• Check the network configuration to ensure that the containers can communicate with each other and that the ports are open and reachable

Is possible that because of the upgrade you would need to generate new certificates from scratch, for that you may also find the following documentation useful: Certificates deployment and Wazuh Docker deployment.

Regards.

[Michael Reiner]

I restored wazuh from backup back to 4.3.10 and it is running for now.

Simply downgrading to 4.3.10 again did not work.

Also i did try to regenerate the certs with

docker-compose -f generate-indexer-certs.yml run --rm generator
after the 4.4 upgrade, but this did not help either.

[Tomas Benitez Vescio]

I see, it seems that there could be an issue in Wazuh Docker regarding the upgrade from 4.3.10 to 4.4.0. Currently, there are two open issues in the wazuh-docker repository related to this: Docker update from 4.3.10 to 4.4.0 and Docker don`t accept the ssl generated.  I recommend keeping an eye on these issues, as any new information regarding the problem you are experiencing will likely come from there. Nevertheless, I will also try to do some more research and keep you informed if I find anything new.

[Michael Reiner]

Issue is still open.

Just tried upgrading from 4.3.10 to 4.4.1. Same problem. 

[Michael Reiner]

FYI: 

Solution https://github.com/wazuh/wazuh-docker/issues/822#issuecomment-1523096642

[Valton T.]

I had the same problem I though it was my mistake so i had to reinstall . but yea ubuntu update it self including indexer and after that everything was a mess .