inputs.x509_cert shows valid certificates as invalid version 1.25.0 #12525

Closed
duchscherd opened this issue Jan 20, 2023 · 1 comment
Labels: bug (unexpected problem or unintended behavior), waiting for response (waiting for response from contributor)

Relevant telegraf.conf

[[inputs.x509_cert]]
   sources = ["https://google.com:443"]

Logs from Telegraf

2023-01-20T01:52:01Z I! Using config file: /etc/telegraf/telegraf.conf
2023-01-20T01:52:01Z I! Starting Telegraf 1.25.0
2023-01-20T01:52:01Z I! Available plugins: 228 inputs, 9 aggregators, 26 processors, 21 parsers, 57 outputs, 2 secret-stores
2023-01-20T01:52:01Z I! Loaded inputs: x509_cert
2023-01-20T01:52:01Z I! Loaded aggregators:
2023-01-20T01:52:01Z I! Loaded processors:
2023-01-20T01:52:01Z I! Loaded secretstores:
2023-01-20T01:52:01Z I! Loaded outputs: prometheus_client
2023-01-20T01:52:01Z I! Tags enabled: host=48cd1288e891 instance=$INSTANCE
2023-01-20T01:52:01Z I! [agent] Config: Interval:10s, Quiet:false, Hostname:"48cd1288e891", Flush Interval:10s
2023-01-20T01:52:01Z D! [agent] Initializing plugins
2023-01-20T01:52:01Z D! [agent] Connecting outputs
2023-01-20T01:52:01Z D! [agent] Attempting connection to [outputs.prometheus_client]
2023-01-20T01:52:01Z I! [outputs.prometheus_client] Listening on http://[::]:9273/metrics
2023-01-20T01:52:01Z D! [agent] Successfully connected to outputs.prometheus_client
2023-01-20T01:52:01Z D! [agent] Starting service inputs
2023-01-20T01:52:10Z D! [inputs.x509_cert] Invalid certificate at index  0!
2023-01-20T01:52:10Z D! [inputs.x509_cert]   cert DNS names:    [*.google.com *.appengine.google.com *.bdn.dev *.origin-test.bdn.dev *.cloud.google.com *.crowdsource.google.com *.datacompute.google.com *.google.ca *.google.cl *.google.co.in *.google.co.jp *.google.co.uk *.google.com.ar *.google.com.au *.google.com.br *.google.com.co *.google.com.mx *.google.com.tr *.google.com.vn *.google.de *.google.es *.google.fr *.google.hu *.google.it *.google.nl *.google.pl *.google.pt *.googleadapis.com *.googleapis.cn *.googlevideo.com *.gstatic.cn *.gstatic-cn.com googlecnapps.cn *.googlecnapps.cn googleapps-cn.com *.googleapps-cn.com gkecnapps.cn *.gkecnapps.cn googledownloads.cn *.googledownloads.cn recaptcha.net.cn *.recaptcha.net.cn recaptcha-cn.net *.recaptcha-cn.net widevine.cn *.widevine.cn ampproject.org.cn *.ampproject.org.cn ampproject.net.cn *.ampproject.net.cn google-analytics-cn.com *.google-analytics-cn.com googleadservices-cn.com *.googleadservices-cn.com googlevads-cn.com *.googlevads-cn.com googleapis-cn.com *.googleapis-cn.com googleoptimize-cn.com *.googleoptimize-cn.com doubleclick-cn.net *.doubleclick-cn.net *.fls.doubleclick-cn.net *.g.doubleclick-cn.net doubleclick.cn *.doubleclick.cn *.fls.doubleclick.cn *.g.doubleclick.cn dartsearch-cn.net *.dartsearch-cn.net googletraveladservices-cn.com *.googletraveladservices-cn.com googletagservices-cn.com *.googletagservices-cn.com googletagmanager-cn.com *.googletagmanager-cn.com googlesyndication-cn.com *.googlesyndication-cn.com *.safeframe.googlesyndication-cn.com app-measurement-cn.com *.app-measurement-cn.com gvt1-cn.com *.gvt1-cn.com gvt2-cn.com *.gvt2-cn.com 2mdn-cn.net *.2mdn-cn.net googleflights-cn.net *.googleflights-cn.net admob-cn.com *.admob-cn.com googlesandbox-cn.com *.googlesandbox-cn.com *.gstatic.com *.metric.gstatic.com *.gvt1.com *.gcpcdn.gvt1.com *.gvt2.com *.gcp.gvt2.com *.url.google.com *.youtube-nocookie.com *.ytimg.com android.com *.android.com *.flash.android.com g.cn *.g.cn g.co 
*.g.co goo.gl www.goo.gl google-analytics.com *.google-analytics.com google.com googlecommerce.com *.googlecommerce.com ggpht.cn *.ggpht.cn urchin.com *.urchin.com youtu.be youtube.com *.youtube.com youtubeeducation.com *.youtubeeducation.com youtubekids.com *.youtubekids.com yt.be *.yt.be android.clients.google.com developer.android.google.cn developers.android.google.cn source.android.google.cn]
2023-01-20T01:52:10Z D! [inputs.x509_cert]   cert IP addresses: []
2023-01-20T01:52:10Z D! [inputs.x509_cert]   opts.DNSName:      google.com
2023-01-20T01:52:10Z D! [inputs.x509_cert]   verify options:    {google.com 0xc000a3dec0 <nil> 0001-01-01 00:00:00 +0000 UTC [0] 0}
2023-01-20T01:52:10Z D! [inputs.x509_cert]   verify error:      x509: certificate signed by unknown authority
2023-01-20T01:52:10Z D! [inputs.x509_cert]   location:          https://google.com:443
2023-01-20T01:52:10Z D! [inputs.x509_cert]   tlsCfg.ServerName:
2023-01-20T01:52:10Z D! [inputs.x509_cert]   ServerName:
2023-01-20T01:52:11Z D! [outputs.prometheus_client] Wrote batch of 3 metrics in 178.938µs
2023-01-20T01:52:11Z D! [outputs.prometheus_client] Buffer fullness: 0 / 10000 metrics
2023-01-20T01:52:14Z D! [agent] Stopping service inputs

System info

Telegraf 1.25.0, Docker version 20.10.22, build 42c8b31, CentOS Linux release 7.9.2009 (Core)

Docker

docker run --rm -ti -v "$(pwd)/telegraf.conf:/etc/telegraf/telegraf.conf" -p 9273:9273 telegraf:alpine /usr/bin/telegraf --debug

Steps to reproduce

  1. Run the above docker command with the inputs.x509_cert configured.

Expected behavior

Show valid certificates as valid.

Actual behavior

Shows certificate invalid with error: x509: certificate signed by unknown authority

Additional info

Version 1.24.4 works without issue.

duchscherd added the bug label Jan 20, 2023

srebhan (Member) commented Jan 20, 2023

@duchscherd this looks like a duplicate of #12402. Can you please check a nightly build and let me know if that fixes the issue!? Sorry for the inconvenience...
