Posting this here in the hopes that someone has an answer and that this helps anyone else encountering the issue.
I have a pool of a few hosts which I recently upgraded to XCP-ng 8.3 from 8.2. And, now, I am attempting to add a new host to this pool to increase my resource capacity. However, after adding the new server in Xen Orchestra, I go to my primary pool to begin the process of adding the new server, but that fails with an error: "Internal_Error(Stunnel.Stunnel [some text that runs off the screen] routines::certificate verify failed"))"
The full error is as follows:
"Stunnel.Stunnel_verify_error("0A000086:SSL routines::certificate verify failed")"
And the complete readout of the event is as follows:
{
  "id": "0mpn7bwnk",
  "properties": {
    "method": "pool.mergeInto",
    "params": {
      "sources": [
        "65c279b5-5a9d-db33-92f1-3f057fbafda6"
      ],
      "target": "f735841b-af37-0547-5d1e-8cb11bc51f0d",
      "force": true
    },
    "name": "API call: pool.mergeInto",
    "userId": "905ebdb9-6698-4902-8e60-9a028d1aa441",
    "type": "api.call"
  },
  "start": 1779834203408,
  "status": "failure",
  "updatedAt": 1779834206165,
  "end": 1779834206165,
  "result": {
    "code": "INTERNAL_ERROR",
    "params": [
      "Stunnel.Stunnel_verify_error(\"0A000086:SSL routines::certificate verify failed\")"
    ],
    "call": {
      "duration": 2713,
      "method": "pool.join_force",
      "params": [
        "* session id *",
        "192.168.1.11",
        "root",
        "* obfuscated *"
      ]
    },
    "message": "INTERNAL_ERROR(Stunnel.Stunnel_verify_error(\"0A000086:SSL routines::certificate verify failed\"))",
    "name": "XapiError",
    "stack": "XapiError: INTERNAL_ERROR(Stunnel.Stunnel_verify_error(\"0A000086:SSL routines::certificate verify failed\"))\n at Function.wrap (file:///usr/local/lib/node_modules/xo-server/node_modules/xen-api/_XapiError.mjs:16:12)\n at file:///usr/local/lib/node_modules/xo-server/node_modules/xen-api/transports/json-rpc.mjs:38:21\n at runNextTicks (node:internal/process/task_queues:60:5)\n at processImmediate (node:internal/timers:454:9)\n at process.callbackTrampoline (node:internal/async_hooks:130:17)"
  }
}
Obviously, it's unhappy about the certs. But I can't figure out why. For additional context, I have never messed with the certs on these servers previously. Based on some other forum posts, I went and checked the cert at /etc/stunnel/xapi-stunnel-ca-bundle.pem on the pool master as well as this new host. Seeing that it exists but unsure of whether it was still integral, I even ran xe host-refresh-server-certificate host=hostname on both just in case. Despite that, this error persists. Does anyone have any insight into the error or a possible fix from what they may have encountered themselves previously?