Authorization request error: Host validation error

Hello,

I’m unable to resolve a client authorization error, which as per the snapshot below shows the log messages “Failure occurred while executing authorization request " and “Authorization request error: Host validation error”.

As per the trouble shooting guide I confirmed the server.crt file matches the “openssl s_client….” Output.

I’ve also compared the mender.conf file to the client mender.conf file of the original client that is authorized by my original server with no discernible difference (please refer mender.conf printout below).

I’ve also searched the hub.mender.io for similar topics but none answer this issue.

Thanks,
Graham.

– Logs begin at Thu 2021-03-04 06:45:58 UTC, end at Thu 2021-03-04 06:48:05 UTC. –

Mar 04 06:48:02 xm9 systemd[1]: Started Mender OTA update service.

Mar 04 06:48:05 xm9 mender[3508]: time=“2021-03-04T06:48:05Z” level=info msg=“Loaded configuration file: /var/lib/mender/mender.conf”

Mar 04 06:48:05 xm9 mender[3508]: time=“2021-03-04T06:48:05Z” level=info msg=“Loaded configuration file: /etc/mender/mender.conf”

Mar 04 06:48:05 xm9 mender[3508]: time=“2021-03-04T06:48:05Z” level=info msg=“Mender running on partition: /dev/sda2”

Mar 04 06:48:05 xm9 mender[3508]: time=“2021-03-04T06:48:05Z” level=info msg=“State transition: init [none] → init [none]”

Mar 04 06:48:05 xm9 mender[3508]: time=“2021-03-04T06:48:05Z” level=info msg=“State transition: init [none] → idle [Idle]”

Mar 04 06:48:05 xm9 mender[3508]: time=“2021-03-04T06:48:05Z” level=info msg=“State transition: idle [Idle] → authorize-wait [Idle]”

Mar 04 06:48:05 xm9 mender[3508]: time=“2021-03-04T06:48:05Z” level=info msg=“State transition: authorize-wait [Idle] → authorize [Sync]”

Mar 04 06:48:05 xm9 mender[3508]: time=“2021-03-04T06:48:05Z” level=error msg=“Failure occurred while executing authorization request: &url.Error{Op:“Post”, URL:“https://10.76.9.142/api/devices/v1/authentication/auth_requests”, Err:(*errors.errorString)(0xc000090c50)}”

Mar 04 06:48:05 xm9 mender[3508]: time=“2021-03-04T06:48:05Z” level=error msg=“Authorization request error: Host validation error”

Mar 04 06:48:05 xm9 mender[3508]: time=“2021-03-04T06:48:05Z” level=error msg=“Authorize failed: transient error: authorization request failed: generic error occurred while executing authorization request: Post “https://10.76.9.142/api/devices/v1/authentication/auth_requests”: Host validation error”

Mar 04 06:48:05 xm9 mender[3508]: time=“2021-03-04T06:48:05Z” level=info msg=“State transition: authorize [Sync] → authorize-wait [Idle]”

mender.conf printout…

:/etc/mender# cat mender.conf
{
“InventoryPollIntervalSeconds”: 28800,
“RetryPollIntervalSeconds”: 300,
“ServerURL”: “https://server ip address”,
“TenantToken”: “my tenant token”,
“UpdatePollIntervalSeconds”: 300,
“ServerCertificate”: “/etc/mender/server.crt”
}

It is not legal to use an IP address for https hosts. You must use a real host/domain name, with a valid certificate. Please see Certificates and keys in the documentation for more information.

If the intention is to test against a local machine, then you can also update your local dns server or local hosts files to resolve the domain to the local IP just for testing.

Thanks Dell and kacf,

You were on the money, a rookie error, client now authorized. As a temporary work around adding the hostname to my local hosts file enabled me to replace the IP address with the server host name.