I have one Icinga2 master (mon-master) and one Icinga2 client (cl0). Both are Icinga2 v2.6.3. Today I successfully ran 'icinga2 node wizard' on cl0 but there seems to be something wrong with the certs. When I attempt to start Icinga2 on cl0 I see:
critical/SSL: Error on bio X509 AUX reading pem file '/etc/icinga2/pki/cl1-snmp.polyp.net.crt': 0, "error:00000000:lib(0):func(0):reason(0)"
critical/config: Error: Cannot get certificate from cert path: '/etc/icinga2/pki/cl1-snmp.polyp.net.crt'.
Location: in /etc/icinga2/features-enabled/api.conf: 5:1-5:24
/etc/icinga2/features-enabled/api.conf(3): */
/etc/icinga2/features-enabled/api.conf(4):
/etc/icinga2/features-enabled/api.conf(5): object ApiListener "api" {
^^^^^^^^^^^^^^^^^^^^^^^^
/etc/icinga2/features-enabled/api.conf(6): cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt"
/etc/icinga2/features-enabled/api.conf(7): key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key"
All the perms are correct on the files in /etc/icinga2/pki:
-rw-r--r-- 1 root root 1720 May 12 08:59 ca.crt
-rw-r--r-- 1 icinga icinga 54 May 12 08:59 cl1-snmp.polyp.net.crt
-rw------- 1 icinga icinga 3243 May 12 08:57 cl1-snmp.polyp.net.crt.key