Client did not trust this server s certificate closing connection – How to solve this Elasticsearch error

Overview

Any application that interfaces with Elasticsearch to index, update or search data, or to monitor and maintain Elasticsearch using various APIs can be considered a client

It is very important to configure clients properly in order to ensure optimum use of Elasticsearch resources.

Examples

There are many open-source client applications for monitoring, alerting and visualization, such as ElasticHQ, Elastalerts, and Grafana to name a few. On top of Elastic client applications such as filebeat, metricbeat, logstash and kibana that have all been designed to integrate with Elasticsearch.

However it is frequently necessary to create your own client application to interface with Elasticsearch. Below is a simple example of the python client (taken from the client documentation):

from datetime import datetime
from elasticsearch import Elasticsearch
es = Elasticsearch()

doc = {
    'author': 'Testing',
    'text': 'Elasticsearch: cool. bonsai cool.',
    'timestamp': datetime.now(),
}
res = es.index(index="test-index", doc_type='tweet', id=1, body=doc)
print(res['result'])

res = es.get(index="test-index", doc_type='tweet', id=1)
print(res['_source'])

es.indices.refresh(index="test-index")

res = es.search(index="test-index", body={"query": {"match_all": {}}})
print("Got %d Hits:" % res['hits']['total']['value'])
for hit in res['hits']['hits']:
    print("%(timestamp)s %(author)s: %(text)s" % hit["_source"])

All of the official Elasticsearch clients follow a similar structure, working as light wrappers around the Elasticsearch rest API, so if you are familiar with Elasticsearch query structure they are usually quite straightforward to implement.

Notes and Good Things to Know

Use official Elasticsearch libraries.

Although it is possible to connect with Elasticsearch using any HTTP method, such as a curl request, the official Elasticsearch libraries have been designed to properly implement connection pooling and keep-alives.   

Official Elasticsearch clients are available for java, javascript, Perl, PHP, python, ruby and .NET. Many other programming languages are supported by community versions.

Keep your Elasticsearch version and client versions in sync.

To avoid surprises, always keep your client versions in line with the Elasticsearch version you are using. Always test clients with Elasticsearch since even minor version upgrades can cause issues due to dependencies or a need for code changes. 

Load balance across appropriate nodes.

Make sure that the client properly load balances across all of the appropriate nodes in the cluster.  In small clusters this will normally mean only across data nodes (never master nodes), or in larger clusters, all dedicated coordinating nodes (if implemented) .

Ensure that the Elasticsearch application properly handles exceptions.

In the case of Elasticsearch being unable to cope with the volume of requests, designing a client application to handle this gracefully (such as through some sort of queueing mechanism) will be better than simply inundating a struggling cluster with repeated requests.