Ryan Eskin

That makes a whole lot of sense when you say that, I'll definitely give that a look. Thank you!!

@jkirschner-hashicorp I've finally circled back to this. Your recommendation on vault privileges worked, but now I'm in another spot where my secondary datacenters are failing. I followed this doc: https://developer.hashicorp.com/consul/tutorials/security/tls-encryption-secure...

Yep, all datacenters were known working in a fine state prior to this update. I updated the CA config after generating the certs in the document mentioned, then I distributed...

The primary is just fine which is what's interesting. What I'm now witnessing is that one of the secondaries finally selected a leader, but its unable to sign leafs stating...

That would lead me back to my initial issue, my agents were getting `x509 certificate signed by unknown authority` after I updated to the consul CA. I attempted to distribute...

After config revert, one secondary: ```bash Dec 18 17:55:09 us-east-1-01 consul[8350]: agent: Synced node info Dec 18 17:55:09 us-east-1-01 consul[8350]: agent.leaf-certs: handling error in Manager.Notify: error="rpc error making call: CA...

I changed it via the cli with `consul connect ca set-config`

I found a stale json config that had a `connect` block in it for ca configs so I removed it. Now at this juncture its throwing the x509's again, and...

I'll add here that it's probably a good idea in this situation if accepted, that the status code or certain other pieces of the response body as an object are...