All Microservices Fail to Start Except Keyvault
When starting PrivX, all microservices fail to launch (or go down), except for the Keyvault service. This typically occurs in environments where SSL certificate trust is misconfigured or incomplete.
Other symptons of this issue are the following:
Required certificate files, such as
nginx.crtandnginx-internal.crt, are missing from the/etc/nginx/ssl/directory.System logs show repeated error messages similar to the following:
KEYVAULT [ERROR] 401 PERMISSION_DENIED Basic Authentication missing AUTH [FATAL] Get https://localhost/keyvault/api/v1/passphrase/*****: x509: certificate signed by unknown authority
Potential Solution
To restore service functionality, update the trusted certificate chain and restart the necessary services:
Log in to the PrivX server as the
rootuser.Run the following commands:
/opt/privx/scripts/init_nginx.sh update-trust /etc/nginx/ssl/nginx.crt systemctl restart privx systemctl restart nginx
After restarting the services, all microservices should start successfully.