Troubleshoot the failed reaching server error
The message Failed reaching server: last connection error
can often result from an expired TLS certificate or during the Server startup process, in which the Client requests reach the Server before the roles are fully initialized.
This troubleshooting guide shows you how to do the following:
- Verify the certification expiration date
- Renew the certification
- Update the server configuration
Verify TLS certification expiration date
The first step in troubleshooting this error is to verify the expiration date of the TLS certification. Then you can renew the certification and update the server configuration.
Choose one of the following methods to verify the expiration date of the TLS certification:
Verify the expiration date of the TLS certification
List the expiration date with the following command:
tcld namespace accepted-client-ca list \
--namespace <namespace_id>.<account_id> | \
jq -r '.[0].notAfter'
If the returned date is in the past, the certificate has expired.
Existing certificate management infrastructure
If you are using an existing certificate management infrastructure, use it to verify the TLS connection. For example, if you are using OpenSSL, run the following command:
openssl s_client -connect <namespace_grpc_endpoint> -showcerts -cert ~/certs/path.pem -key .~/certs/path.key -tls1_2
Self-signed certificate
If you are using a self-signed certificate, run the following Temporal CLI command:
temporal namespace describe \
--namespace <namespace_id>.<account_id> \
--address <namespace_grpc_endpoint> \
--tls-cert-path <path-to-mTLS-pem-file> \
--tls-key-path <path-to-mTLS-key-file>
Your Namespace gRPC endpoint is available on the details page for your Temporal Cloud Namespace.