Regarding the agent output error “x509: certificate signed by unknown authority”

Hello. Mackerel team CRE Inoue (id:a-know) here.

We are currently updating the certificate, and during this time, we have confirmed cases of the Mackerel agent outputting the error x509: certificate signed by unknown authority.

The Mackerel agent output log will show the following.

Failed to post metrics value (will retry): Post x509: certificate signed by unknown authority

In response to this, we have created a new FAQ page.

We have confirmed that this event may occur when the CA certificate of the host on which Mackerel agent is installed is outdated (when using CentOS 6 etc.). If this is the case, please update the ca-certificates package or update Windows as described in the FAQ page above.

In light of this occurrence, we will temporarily suspend renewing the certificate and plan to resume on Tuesday, May 12th, 2020 (JST).

This event of a CA certificate becoming outdated and failing to establish SSL/TLS communication can occur in any case where SSL/TLS communication is performed from a host, and is not limited to Mackerel. So we recommend that you update your host’s CA certificate regularly.