Docs Self-Managed Troubleshoot Resolve Errors Linux Resolve Errors in Linux This section describes errors or issues you might encounter while deploying Redpanda in Linux and explains how to troubleshoot them. Deployment issues This section addresses common deployment issues encountered during Redpanda setup or upgrades. A Redpanda Enterprise Edition license is required During a Redpanda upgrade, if enterprise features are enabled and a valid Enterprise Edition license is missing, Redpanda logs a warning and aborts the upgrade process on the first broker. This issue prevents a successful upgrade. A Redpanda Enterprise Edition license is required to use the currently enabled features. To apply your license, downgrade this broker to the pre-upgrade version and provide a valid license key via rpk using 'rpk cluster license set <key>', or via Redpanda Console. To request an enterprise license, please visit <redpanda.com/upgrade>. To try Redpanda Enterprise for 30 days, visit <redpanda.com/try-enterprise>. For more information, see <https://docs.redpanda.com/current/get-started/licenses>. If you encounter this message, follow these steps to recover: Roll back the affected broker to the original version. Do one of the following: Apply a valid Redpanda Enterprise Edition license to the cluster. Disable enterprise features. If you do not have a valid license and want to proceed without using enterprise features, you can disable the enterprise features in your Redpanda configuration. Retry the upgrade. TLS issues This section covers common TLS errors, their causes, and solutions, including certificate issues and correct client configuration. Invalid large response size This error appears when your cluster is configured to use TLS, but you don’t specify that you are connecting over TLS. unable to request metadata: invalid large response size 352518912 > limit 104857600; the first three bytes received appear to be a tls alert record for TLS v1.2; is this a plaintext connection speaking to a tls endpoint? If you’re using rpk, ensure to add the -X tls.enabled flag, and any other necessary TLS flags such as the TLS certificate: rpk cluster info -X tls.enabled=true For all available flags, see the rpk options reference. Malformed HTTP response This error appears when a cluster has TLS enabled, and you try to access the admin API without passing the required TLS parameters. Retrying POST for error: Post "http://127.0.0.1:9644/v1/security/users": net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x03\x00\x02\x02" If you’re using rpk, ensure to include the TLS flags. For all available flags, see the rpk options reference. x509: certificate signed by unknown authority This error appears when the Certificate Authority (CA) that signed your certificates is not trusted by your system. Check the following: Ensure you have installed the root CA certificate correctly on your local system. If using a self-signed certificate, ensure it is properly configured and included in your system’s trust store. If you are using a certificate issued by a CA, ensure the issuing CA is included in your system’s trust store. Check the validity of your certificates. They might have expired. x509: certificate is not valid for any names This error indicates that the certificate you are using is not valid for the specific domain or IP address you are trying to use it with. This error typically occurs when there is a mismatch between the certificate’s Subject Alternative Name (SAN) or Common Name (CN) field and the name being used to access the broker. To fix this error, you may need to obtain a new certificate that is valid for the specific domain or IP address you are using. Ensure that the certificate’s SAN or CN entry matches the name being used, and that the certificate is not expired or revoked. cannot validate certificate for 127.0.0.1 This error appears if you are using a CA certificate when you try to establish an internal connection using localhost. For example: unable to request metadata: unable to dial: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs To fix this error, you must either specify the URL with a public domain or use self-signed certificates: rpk cluster info \ -X brokers=<redpanda-url>:<port> \ -X tls.enabled=true SASL issues This section addresses errors related to SASL (Simple Authentication and Security Layer), focusing on connection and authentication problems. Is SASL missing? This error appears when you try to interact with a cluster that has SASL enabled without passing a user’s credentials. unable to request metadata: broker closed the connection immediately after a request was issued, which happens when SASL is required but not provided: is SASL missing? If you’re using rpk, ensure to specify the -X user, -X pass, and -X sasl.mechanism flags. For all available flags, see the rpk options reference. Back to top × Simple online edits For simple changes, such as fixing a typo, you can edit the content directly on GitHub. Edit on GitHub Or, open an issue to let us know about something that you want us to change. Open an issue Contribution guide For extensive content updates, or if you prefer to work locally, read our contribution guide . Was this helpful? thumb_up thumb_down group Ask in the community mail Share your feedback group_add Make a contribution Resolve Errors Kubernetes