Hi! I am having an issue updating certs to use for my deployment of Vault…
The steps I took to add the certs were to add and create them in a custom location, as shown below in my HCL config:
disable_performance_standby = true
ui = true

storage "raft" {
  path    = "/opt/vault/data"
  node_id = "mynode"

  retry_join {
    leader_api_addr = "http://xxx.xx.xx.xx:8200"
  }
  retry_join {
    leader_api_addr = "http://xxx.xx.xx.xx:8200"
  }
  retry_join {
    leader_api_addr = "http://xxx.xx.xx.xx:8200"
  }
  retry_join {
    leader_api_addr = "http://xxx.xx.xx.xx:8200"
  }
  retry_join {
    leader_api_addr = "http://xxx.xx.xx.xx:8200"
  }
}

cluster_addr = "http://my.cluster.addr.xx:8201"
api_addr     = "http://0.0.0.0:8200"

listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "mypath/vault.crt"
  tls_key_file  = "mypath/vault.key"
  tls_disable   = 0
}

seal "awskms" {
  region     = "someregion"
  kms_key_id = "XXXXXXXXXXXXXXXXXX"
}

#I only updated this on the leader and figured I needed to run
vault server -config=/etc/vault.d/vault.hcl
#I get this error
"Error initializing storage of type raft: failed to create fsm: failed to open bolt file: timeout"
Everything worked as expected before I tried to make a TLS change.
I cannot get to my UI at https://my-same-dns-I-could-get-to-with-http
Thanks Vault community