Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!
1. Describe your incident:
/var/log/graylog-server/server.log is filling with error message every 2 seconds (Failed to sign CSR for node). Cant use the error log to track down other possible problems in the future because of this.
2025-06-22T15:18:26.056+02:00 ERROR [CertificateExchangeImpl] Failed to sign CSR for node, skipping it for now.
java.lang.RuntimeException: java.lang.NullPointerException: Cannot invoke "org.bouncycastle.pkcs.PKCS10CertificationRequest.getSubject()" because the return value of "org.graylog2.cluster.certificates.CertificateSigningRequest.request()" is null
at org.graylog.security.certutil.CaKeystore.signCertificateRequest(CaKeystore.java:76) ~[graylog.jar:?]
at org.graylog2.bootstrap.preflight.GraylogCertificateProvisionerImpl.lambda$runProvisioning$0(GraylogCertificateProvisionerImpl.java:61) ~[graylog.jar:?]
at org.graylog2.cluster.certificates.CertificateExchangeImpl.signPendingCertificateRequests(CertificateExchangeImpl.java:102) [graylog.jar:?]
at org.graylog2.bootstrap.preflight.GraylogCertificateProvisionerImpl.runProvisioning(GraylogCertificateProvisionerImpl.java:61) [graylog.jar:?]
at org.graylog2.bootstrap.preflight.GraylogCertificateProvisioningPeriodical.doRun(GraylogCertificateProvisioningPeriodical.java:40) [graylog.jar:?]
at org.graylog2.plugin.periodical.Periodical.run(Periodical.java:99) [graylog.jar:?]
at com.codahale.metrics.InstrumentedScheduledExecutorService$InstrumentedPeriodicRunnable.run(InstrumentedScheduledExecutorService.java:264) [graylog.jar:?]
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) [?:?]
at java.base/java.util.concurrent.FutureTask.runAndReset(Unknown Source) [?:?]
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source) [?:?]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
at java.base/java.lang.Thread.run(Unknown Source) [?:?]
Caused by: java.lang.NullPointerException: Cannot invoke "org.bouncycastle.pkcs.PKCS10CertificationRequest.getSubject()" because the return value of "org.graylog2.cluster.certificates.CertificateSigningRequest.request()" is null
at org.graylog.security.certutil.CaKeystore.signCertificateRequest(CaKeystore.java:68) ~[graylog.jar:?]
... 12 more
but: everything seems to work fine. Can login, Graylog is receiving messages, indices are healthy, no problems. Just the serverlog is filling with this one error.
2. Describe your environment:
-
OS Information: Ubuntu 22.04.5 LTS
-
Package Version: 6.2.2+13ba949
-
Service logs, configurations, and environment variables:
graylog, graylog-datanode, mongodb running on the same machine with a single node-setup.
Preflight worked without any issues. Graylog Certificates were issued. Renewing is set to automatic. Even a manual renewing of the certificate in the cluster configuration menu worked.
graylog.conf:
is_leader = true
node_id_file = /etc/graylog/server/node-id
password_secret = k6349DcXqy6dNSdSR2sMRiVsQdt6bGUdf1q2uk5z4gtsHc6O2MlkU5qwim8D7TG4mMezMRYcCCJlYWJIdVlNcwRQog2q8Ff1
root_password_sha2 = 6379820badd5f9ec3e282417f3193b010fb88fee7fb68e66d30a3c7d2ec2bc86
root_timezone = CET
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
plugin_dir = /usr/share/graylog-server/plugin
http_bind_address = 0.0.0.0:9000
stream_aware_field_types=false
disabled_retention_strategies = none,close
allow_leading_wildcard_searches = true
allow_highlighting = false
field_value_suggestion_mode = on
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
stale_leader_timeout = 5000
mongodb_uri = mongodb://localhost/graylog
mongodb_max_connections = 1000
proxied_requests_thread_pool_size = 32
datanode.conf:
node_id_file = /etc/graylog/datanode/node-id
config_location = /etc/graylog/datanode
password_secret = k6349DcXqy6dNSdSR2sMRiVsQdt6bGUdf1q2uk5z4gtsHc6O2MlkU5qwim8D7TG4mMezMRYcCCJlYWJIdVlNcwRQog2q8Ff1
root_password_sha2 = 6379820badd5f9ec3e282417f3193b010fb88fee7fb68e66d30a3c7d2ec2bc86
mongodb_uri = mongodb://localhost/graylog
opensearch_location = /usr/share/graylog-datanode/dist
opensearch_config_location = /var/lib/graylog-datanode/opensearch/config
opensearch_data_location = /var/lib/graylog-datanode/opensearch/data
opensearch_logs_location = /var/log/graylog-datanode/opensearch
opensearch_configuration_overrides_file = /etc/graylog/datanode/overrideconfig.conf
opensearch_heap = 4g
overrideconfig.conf
cluster.routing.allocation.disk.watermark.low = 90%
3. What steps have you already taken to try and solve the problem?
reset opensearch config, deleted keystore
4. How can the community help?
any hints are welcome on how to stop this error message. Like I said, besides that everything else seems to work just fine.
Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]