When configuring complex systems, it is inevitable that mistakes will be made, steps will be skipped, or changes will have side effects you didn't expect. Below we've included some guidance regarding common error messages you may encounter when working with Consul.
Once TLS is enabled, Consul uses port
8501 for communications. If you are using
Consul on Kubernetes, and you see the following error message:
Error retrieving members: Get "http://127.0.0.1:8500/v1/agent/members?segment=_all": EOF
Review your port-forward configuration, and make sure to change your port forward command to forward from 8501 on the server container in the Kubernetes cluster.
$ kubectl port-forward --address 0.0.0.0 consul-server-0 8501:8501
»Sent HTTP request to an HTTPS server
You may receive an error indicating that you are trying to send HTTP traffic to an HTTPS server.
Unexpected response code: 400 (Client sent an HTTP request to an HTTPS server.)
This is an indicator that TLS configuration on the development host is incomplete. There are a couple of options to get past this hurdle.
You can either set the
CONSUL_HTTP_SSLenvironment variable to true like so.
$ export CONSUL_HTTP_SSL=true
Or, you can set the
CONSUL_HTTP_ADDR environment variable to an HTTPS address like this:
$ export CONSUL_HTTP_ADDR=https://<server-ip>:8501
Either option, should provide the Consul CLI with enough information to infer that it should use HTTPS.
»x509 certificate error
Once TLS is enabled, you may see the following x509 error message.
Error retrieving members: Get "https://127.0.0.1:8501/v1/agent/members?segment=_all": x509: certificate signed by unknown authority
This indicates that command is reaching the server, but communication is being rejected because the TLS handshake can't be negotiated. In order to authenticate with the server, the client needs to supply a valid CA secret via one of several methods detailed in the documentation.
If none of these error messages or common solutions are relevant to your situation, refer to our Troubleshooting tutorial for more ideas.