0kSfc8kfHDOuuVIaNjeY commented on issue #638:
URL:
https://github.com/apache/pekko-management/issues/638#issuecomment-3930552123
@pjfanning I have completed further tests and can tell you that the proposal
to set the
`pekko.management.cluster.bootstrap.contact-point.http-client.ca-path` has
changed the causing error message but has not relieved the issue. I have also
retried this with the Kubernetes certificate from the path that you have named
added to the truststore but there was no difference:
```
{"@timestamp":"2026-02-19T22:28:40.095108628+01:00","log.logger":"org.apache.pekko.management.cluster.bootstrap.internal.HttpContactPointBootstrap","log.level":"WARN","labels":{"pekkoUid":"6530242355703418859","sourceThread":"ServerSystem-pekko.actor.default-dispatcher-24","sourceActorSystem":"ServerSystem","pekkoAddress":"pekko://[email protected]:1910","pekkoSource":"pekko://[email protected]:1910/system/bootstrapCoordinator/contactPointProbe-172-28-49-165.server-kubernetes-dns-internal.standard.svc.cluster.local-8558","pekkoTimestamp":"21:28:40.095UTC"},"service.name":"Server","message":"Probing
[https://172-28-49-165.server-kubernetes-dns-internal.standard.svc.cluster.local:8558/bootstrap/seed-nodes]
failed due to: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target"}
javax.net.ssl|DEBUG|F2|PushServerSystem-pekko.actor.default-dispatcher-22|2026-02-19
22:28:40.095 CET|null:-1|Raw read (
0000: 15 03 03 00 02 02 2E .......
)
javax.net.ssl|DEBUG|F2|ServerSystem-pekko.actor.default-dispatcher-22|2026-02-19
22:28:40.095 CET|null:-1|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|F2|ServerSystem-pekko.actor.default-dispatcher-22|2026-02-19
22:28:40.095 CET|null:-1|Received alert message (
"Alert": {
"level" : "fatal",
"description": "certificate_unknown"
}
)
javax.net.ssl|ERROR|F2|ServerSystem-pekko.actor.default-dispatcher-22|2026-02-19
22:28:40.096 CET|null:-1|Fatal (CERTIFICATE_UNKNOWN): Received fatal alert:
certificate_unknown (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert:
certificate_unknown
```
I have then applied your pull request on the clean 1.2.x branch (without
that parameter from the previous attempt and also without that Kubernetes
certificate in the truststore) and has produced the desired output:
```
{"@timestamp":"2026-02-19T23:18:58.041282316+01:00","log.logger":"org.apache.pekko.management.cluster.bootstrap.internal.HttpContactPointBootstrap","log.level":"DEBUG","labels":{"pekkoUid":"-7036794186920836099","sourceThread":"ServerSystem-pekko.actor.default-dispatcher-14","sourceActorSystem":"ServerSystem","pekkoAddress":"pekko://[email protected]:1910","pekkoSource":"pekko://[email protected]:1910/system/bootstrapCoordinator/contactPointProbe-172-28-49-140.server-kubernetes-dns-internal.standard.svc.cluster.local-8558","pekkoTimestamp":"22:18:58.041UTC"},"service.name":"Server","message":"Probing
[https://172-28-49-140.server-kubernetes-dns-internal.standard.svc.cluster.local:8558/bootstrap/seed-nodes]
for seed nodes..."}
{"@timestamp":"2026-02-19T23:18:58.041933769+01:00","log.logger":"org.apache.pekko.http.impl.engine.client.PoolId","log.level":"DEBUG","labels":{"pekkoUid":"-7036794186920836099","sourceThread":"ServerSystem-pekko.actor.default-dispatcher-21","sourceActorSystem":"ServerSystem","pekkoAddress":"pekko://[email protected]:1910","pekkoSource":"ServerSystem/Pool(shared->https://172-28-49-140.server-kubernetes-dns-internal.standard.svc.cluster.local:8558)","pekkoTimestamp":"22:18:58.041UTC"},"service.name":"Server","message":"Dispatching
request [GET /bootstrap/seed-nodes Empty] to pool"}
{"@timestamp":"2026-02-19T23:18:58.042107005+01:00","log.logger":"org.apache.pekko.http.impl.engine.client.PoolId","log.level":"DEBUG","labels":{"pekkoUid":"-7036794186920836099","sourceThread":"ServerSystem-pekko.actor.default-dispatcher-21","sourceActorSystem":"ServerSystem","pekkoAddress":"pekko://[email protected]:1910","pekkoSource":"ServerSystem/Pool(shared->https://172-28-49-140.server-kubernetes-dns-internal.standard.svc.cluster.local:8558)","pekkoTimestamp":"22:18:58.042UTC"},"service.name":"Server","message":"[0
(Idle)]Dispatching request [GET /bootstrap/seed-nodes Empty]"}
{"@timestamp":"2026-02-19T23:18:58.042154897+01:00","log.logger":"org.apache.pekko.http.impl.engine.client.PoolId","log.level":"DEBUG","labels":{"pekkoUid":"-7036794186920836099","sourceThread":"ServerSystem-pekko.actor.default-dispatcher-21","sourceActorSystem":"ServerSystem","pekkoAddress":"pekko://[email protected]:1910","pekkoSource":"ServerSystem/Pool(shared->https://172-28-49-140.server-kubernetes-dns-internal.standard.svc.cluster.local:8558)","pekkoTimestamp":"22:18:58.042UTC"},"service.name":"Server","message":"[0
(Idle)]Before event [onNewRequest] In state [Idle] for [1232 ms]"}
{"@timestamp":"2026-02-19T23:18:58.042195329+01:00","log.logger":"org.apache.pekko.http.impl.engine.client.PoolId","log.level":"DEBUG","labels":{"pekkoUid":"-7036794186920836099","sourceThread":"ServerSystem-pekko.actor.default-dispatcher-21","sourceActorSystem":"ServerSystem","pekkoAddress":"pekko://[email protected]:1910","pekkoSource":"ServerSystem/Pool(shared->https://172-28-49-140.server-kubernetes-dns-internal.standard.svc.cluster.local:8558)","pekkoTimestamp":"22:18:58.042UTC"},"service.name":"Server","message":"[0
(PushingRequestToConnection)]After event [onNewRequest] State change [Idle] ->
[PushingRequestToConnection]"}
{"@timestamp":"2026-02-19T23:18:58.04223131+01:00","log.logger":"org.apache.pekko.http.impl.engine.client.PoolId","log.level":"DEBUG","labels":{"pekkoUid":"-7036794186920836099","sourceThread":"ServerSystem-pekko.actor.default-dispatcher-21","sourceActorSystem":"ServerSystem","pekkoAddress":"pekko://[email protected]:1910","pekkoSource":"ServerSystem/Pool(shared->https://172-28-49-140.server-kubernetes-dns-internal.standard.svc.cluster.local:8558)","pekkoTimestamp":"22:18:58.042UTC"},"service.name":"Server","message":"[0
(PushingRequestToConnection)]Before event [onRequestDispatched] In state
[PushingRequestToConnection] for [0 ms]"}
{"@timestamp":"2026-02-19T23:18:58.042273811+01:00","log.logger":"org.apache.pekko.http.impl.engine.client.PoolId","log.level":"DEBUG","labels":{"pekkoUid":"-7036794186920836099","sourceThread":"ServerSystem-pekko.actor.default-dispatcher-21","sourceActorSystem":"ServerSystem","pekkoAddress":"pekko://[email protected]:1910","pekkoSource":"ServerSystem/Pool(shared->https://172-28-49-140.server-kubernetes-dns-internal.standard.svc.cluster.local:8558)","pekkoTimestamp":"22:18:58.042UTC"},"service.name":"Server","message":"[0
(WaitingForResponse)]After event [onRequestDispatched] State change
[PushingRequestToConnection] -> [WaitingForResponse]"}
javax.net.ssl|DEBUG|71|ServerSystem-pekko.actor.default-dispatcher-6|2026-02-19
23:18:58.042 CET|null:-1|WRITE: TLSv1.2 application_data, length = 163
javax.net.ssl|DEBUG|71|ServerSystem-pekko.actor.default-dispatcher-6|2026-02-19
23:18:58.043 CET|null:-1|Plaintext before ENCRYPTION (
0000: 47 45 54 20 2F 62 6F 6F 74 73 74 72 61 70 2F 73 GET /bootstrap/s
0010: 65 65 64 2D 6E 6F 64 65 73 20 48 54 54 50 2F 31 eed-nodes HTTP/1
0020: 2E 31 0D 0A 48 6F 73 74 3A 20 31 37 32 2D 32 38 .1..Host: 172-28
0030: 2D 34 39 2D 31 34 30 2E 70 75 73 68 2D 73 65 72 -49-140.ser
0040: 76 65 72 2D 6B 75 62 65 72 6E 65 74 65 73 2D 64 ver-kubernetes-d
0050: 6E 73 2D 69 6E 74 65 72 6E 61 6C 2E 68 61 66 61 ns-internal.
0060: 73 2D 73 74 61 6E 64 61 72 64 2E 73 76 63 2E 63 standard.svc.c
0070: 6C 75 73 74 65 72 2E 6C 6F 63 61 6C 3A 38 35 35 luster.local:855
0080: 38 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 70 8..User-Agent: p
0090: 65 6B 6B 6F 2D 68 74 74 70 2F 31 2E 33 2E 30 0D ekko-http/1.3.0.
00A0: 0A 0D 0A ...
)
javax.net.ssl|DEBUG|71|ServerSystem-pekko.actor.default-dispatcher-6|2026-02-19
23:18:58.043 CET|null:-1|Raw write (
0000: 17 03 03 00 BB 00 00 00 00 00 00 00 23 1E B4 87 ............#...
0010: 96 1B 8B 94 C5 50 2D C5 BF 03 47 7D 70 A4 18 05 .....P-...G.p...
0020: FA 46 FF CF 06 58 BA 90 97 08 75 00 93 4E F5 1E .F...X....u..N..
0030: 09 F0 7F 2A 19 B8 C8 4E 18 68 34 0C 21 AC DC C8 ...*...N.h4.!...
0040: 82 80 4B 41 3C 29 14 E3 32 34 39 5A D9 9A 2D 5D ..KA<)..249Z..-]
0050: CE 42 D5 F9 07 62 F9 9E DF DE 8F AE 96 8E B5 05 .B...b..........
0060: D4 C5 88 D2 13 21 99 B4 53 ED EC 0D A7 25 A1 40 .....!..S....%.@
0070: 85 6E C2 41 D2 53 3A DA 20 5E FE E6 EE FC C8 89 .n.A.S:. ^......
0080: 2E 0A 08 A1 1A C5 4F 2C AC 9D 78 C8 1E 0D 86 BB ......O,..x.....
0090: 78 04 32 07 15 9A 44 6C A1 27 FD 65 9C 3B D9 44 x.2...Dl.'.e.;.D
00A0: B4 AF 4D 2D 82 40 3B 8B E0 7C DC 7C 57 E3 95 F7 ..M-.@;.....W...
00B0: 8E 52 46 21 AA F8 67 0D 76 E9 F6 C2 97 5D 13 1C .RF!..g.v....]..
)
javax.net.ssl|DEBUG|B2|ServerSystem-pekko.actor.default-dispatcher-21|2026-02-19
23:18:58.044 CET|null:-1|Raw read (
0000: 17 03 03 00 BB 00 00 00 00 00 00 00 23 1E B4 87 ............#...
0010: 96 1B 8B 94 C5 50 2D C5 BF 03 47 7D 70 A4 18 05 .....P-...G.p...
0020: FA 46 FF CF 06 58 BA 90 97 08 75 00 93 4E F5 1E .F...X....u..N..
0030: 09 F0 7F 2A 19 B8 C8 4E 18 68 34 0C 21 AC DC C8 ...*...N.h4.!...
0040: 82 80 4B 41 3C 29 14 E3 32 34 39 5A D9 9A 2D 5D ..KA<)..249Z..-]
0050: CE 42 D5 F9 07 62 F9 9E DF DE 8F AE 96 8E B5 05 .B...b..........
0060: D4 C5 88 D2 13 21 99 B4 53 ED EC 0D A7 25 A1 40 .....!..S....%.@
0070: 85 6E C2 41 D2 53 3A DA 20 5E FE E6 EE FC C8 89 .n.A.S:. ^......
0080: 2E 0A 08 A1 1A C5 4F 2C AC 9D 78 C8 1E 0D 86 BB ......O,..x.....
0090: 78 04 32 07 15 9A 44 6C A1 27 FD 65 9C 3B D9 44 x.2...Dl.'.e.;.D
00A0: B4 AF 4D 2D 82 40 3B 8B E0 7C DC 7C 57 E3 95 F7 ..M-.@;.....W...
00B0: 8E 52 46 21 AA F8 67 0D 76 E9 F6 C2 97 5D 13 1C .RF!..g.v....]..
)
javax.net.ssl|DEBUG|B2|ServerSystem-pekko.actor.default-dispatcher-21|2026-02-19
23:18:58.044 CET|null:-1|READ: TLSv1.2 application_data, length = 187
javax.net.ssl|DEBUG|B2|ServerSystem-pekko.actor.default-dispatcher-21|2026-02-19
23:18:58.044 CET|null:-1|Plaintext after DECRYPTION (
0000: 47 45 54 20 2F 62 6F 6F 74 73 74 72 61 70 2F 73 GET /bootstrap/s
0010: 65 65 64 2D 6E 6F 64 65 73 20 48 54 54 50 2F 31 eed-nodes HTTP/1
0020: 2E 31 0D 0A 48 6F 73 74 3A 20 31 37 32 2D 32 38 .1..Host: 172-28
0030: 2D 34 39 2D 31 34 30 2E 70 75 73 68 2D 73 65 72 -49-140.ser
0040: 76 65 72 2D 6B 75 62 65 72 6E 65 74 65 73 2D 64 ver-kubernetes-d
0050: 6E 73 2D 69 6E 74 65 72 6E 61 6C 2E 68 61 66 61 ns-internal.
0060: 73 2D 73 74 61 6E 64 61 72 64 2E 73 76 63 2E 63 standard.svc.c
0070: 6C 75 73 74 65 72 2E 6C 6F 63 61 6C 3A 38 35 35 luster.local:855
0080: 38 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 70 8..User-Agent: p
0090: 65 6B 6B 6F 2D 68 74 74 70 2F 31 2E 33 2E 30 0D ekko-http/1.3.0.
00A0: 0A 0D 0A ...
)
{"@timestamp":"2026-02-19T23:18:58.047989036+01:00","log.logger":"org.apache.pekko.management.cluster.bootstrap.contactpoint.HttpClusterBootstrapRoutes","log.level":"INFO","labels":{"pekkoUid":"-7036794186920836099","sourceThread":"ServerSystem-pekko.actor.default-dispatcher-21","sourceActorSystem":"ServerSystem","pekkoAddress":"pekko://[email protected]:1910","pekkoSource":"HttpClusterBootstrapRoutes(pekko://ServerSystem)","pekkoTimestamp":"22:18:58.047UTC"},"service.name":"Server","message":"Bootstrap
request from 172.28.49.140:33152: Contact Point returning 0 seed-nodes []"}
```
To me this looks like that your pull request will resolve this.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
