Installation
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

After upgrading from Splunk 6.2.3 to 6.3.0, why am I getting renew-certs startup error "not a renewed Splunk certificate: aborting renewal"?

davebo1896
Communicator
‎10-01-2015 03:04 PM

Hi,

I was doing an upgrade from Splunk 6.2.3 to 6.3.0. Installation went fine, but when I start Splunk for the first time, I'm getting the error below:

ERROR: "/opt/splunk/etc/auth/ca.pem.default": not a renewed Splunk certificate: aborting renewal
ERROR while running renew-certs migration.

Thanks!

Labels (1)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

davebo1896
Communicator
‎10-07-2015 11:08 AM

I had replaced the entire etc/auth directory from the old install (parallel install), the upgrade did not recognize the certs.
To rectify this, copy only the following files from the old etc dir

etc/passwd
etc/auth/splunk.secret
etc/auth/distServerKeys/*
etc/auth/<your self generated keys, if any>/*

View solution in original post

0 Karma
Reply
Solved! Jump to solution

neelamsantosh
Path Finder
‎12-29-2019 12:22 AM

I could able to resolve the issue by replacing from backup-auth folder.
Hope u too have taken backup.

remove the auth folder which is generated after installation and replace from my backup folder.
start the splunk .

commands:
sudo su splunk

rm -rf /opt/splunk/etc/auth
mv //opt/splunk/etc/auth/ /opt/splunk/etc/

sudo chown -R splunk.splunk /opt/splunk

/opt/splunk/bin/splunk start --accept-license --answer-yes

0 Karma
Reply
Solved! Jump to solution

neelshah
Path Finder
‎03-10-2016 06:24 AM

HI All,
I had a similar issue in my environment.

I just deleted $SPLUNK_HOME/etc/auth/ca.pem (Old Certificate) ...and then tried to start the splunk. Things worked fine for me.
(Well do take backup before you delete)

Regards,
Neel Shah

Reply
Solved! Jump to solution
Solution

davebo1896
Communicator
‎10-07-2015 11:08 AM

I had replaced the entire etc/auth directory from the old install (parallel install), the upgrade did not recognize the certs.
To rectify this, copy only the following files from the old etc dir

etc/passwd
etc/auth/splunk.secret
etc/auth/distServerKeys/*
etc/auth/<your self generated keys, if any>/*
0 Karma
Reply
Solved! Jump to solution

davebo1896
Communicator
‎10-16-2015 07:17 AM

and etc/splunk-launch.conf !

Note: You will also need apps and users dirs. Get only app "local" dirs for apps that come packaged with Splunk.

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top