Consul: AutoEncrypt missing port in address

Created on 9 Jul 2019 · 3Comments · Source: hashicorp/consul

Getting a missing port error for autoencrypt.

A paragraph or two about the issue you're experiencing.

We have a cluster of 5 servers running with TLS enabled. But when we try to use TLS on the clients, we get this error:

agent: AutoEncrypt resolveAddr failed: address <server-ip>: missing port in address

Consul info for both Client and Server

Here's our client ssl config:

{
  "verify_incoming": false,
  "ca_file": "/etc/consul/ssl/consul-agent-ca.pem",
  "auto_encrypt": {
    "tls": true
  },
  "ports": {
    "http": -1,
    "https": 8501
  }
}

Not sure what other information would be helpful.

typbug

Source

hooksie1

Most helpful comment

I'm running into this as well, but have Cloud Auto-Joining set up for AWS. I've been unable to locate any configuration that would allow me to set the port on which to connect to on discovered IP addresses.

draoncc on 15 Jul 2019

👍3

All 3 comments

Just ran into this as well. As a workaround I updated my client's join configuration from:

retry_join = ["consul-server01"]

retry_join = ["consul-server01:8301"]

https://www.consul.io/docs/agent/options.html#retry-join says the port only needs to be specified if using a different Serf LAN port than the default 8301; The auto_encrypt option should probably support omitting the port for the join addrs.

tgerdes on 11 Jul 2019

draoncc on 15 Jul 2019

👍3

Just ran into this as well. As a workaround I updated my client's join configuration from:
retry_join = ["consul-server01"]
to
retry_join = ["consul-server01:8301"]
https://www.consul.io/docs/agent/options.html#retry-join says the port only needs to be specified if using a different Serf LAN port than the default 8301; The auto_encrypt option should probably support omitting the port for the join addrs.

That seems to have done it. Thanks!

hooksie1 on 15 Jul 2019

Was this page helpful?

0 / 5 - 0 ratings