Consul watches via HTTP requests on management IP getting blocked

Consul watches send HTTP API requests on the management IP. But we cannot add IP addresses in SSL certificates (alt_names/SAN); as a result, the API calls are getting blocked due to verification failure. Is there a way (configuration changes) to bind the Consul watches' API calls to a hostname so that the API request performed on the hostname will be verified by the SSL certificate?

PFA: Error Screenshot

For others watching this thread, this problem was determined to be a bug that is encountered when watches are defined in the Consul agent configuration and a non-localhost address is used for the -client address.

The bug is being tracked in the following GitHub issue: https://github.com/hashicorp/consul/issues/11683.

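Why a request to the management IP fails verification against a DNS-only certificate, as an added example that is not part of the original thread or of Consul's code: a TLS client that dials an IP literal compares it only with iPAddress SAN entries, never with DNS names. The certificate dicts, hostnames and the address 192.0.2.10 are constructed, and `san_covers` is a hypothetical helper.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert():
# a certificate that carries DNS names only, as described in the question.
DNS_ONLY_CERT = {"subjectAltName": (
    ("DNS", "consul-1.example.internal"),
    ("DNS", "*.mgmt.example.internal"),
)}
# Same names plus an iPAddress entry for the (constructed) management IP.
WITH_IP_CERT = {"subjectAltName": DNS_ONLY_CERT["subjectAltName"]
                + (("IP Address", "192.0.2.10"),)}


def _dns_match(pattern, host):
    """Compare one dNSName entry with a hostname; '*' covers exactly the left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]


def san_covers(cert, target):
    """Return (ok, reason): do the certificate's SAN entries cover the dialed address?"""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is matched against iPAddress entries only, never DNS names.
        for kind, value in sans:
            if kind == "IP Address":
                try:
                    if ipaddress.ip_address(value.strip()) == ip:
                        return True, f"IP SAN {value} matches"
                except ValueError:
                    continue  # skip a malformed entry
        return False, f"no IP SAN for {target}; DNS names are not consulted"
    for kind, value in sans:
        if kind == "DNS" and _dns_match(value, target):
            return True, f"DNS SAN {value} matches"
    return False, f"no DNS SAN matches {target}"


if __name__ == "__main__":
    for cert_name, cert in (("dns-only", DNS_ONLY_CERT), ("with-ip", WITH_IP_CERT)):
        for target in ("192.0.2.10", "consul-1.example.internal"):
            print(cert_name, target, san_covers(cert, target))
```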