More information on TLS problems

[codeling]

Host operating system: output of uname -a

Linux REDACTED 6.1.0-25-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.106-3 (2024-08-26) x86_64 GNU/Linux

node_exporter version: output of node_exporter --version

node_exporter, version 1.8.2 (branch: HEAD, revision: f1e0e8360aa60b6cb5e5cc1560bed348fc2c1895)
  build user:       root@03d440803209
  build date:       20240714-11:53:45
  go version:       go1.22.5
  platform:         linux/amd64
  tags:             unknown

node_exporter command line flags

--log.level=debug --web.listen-address=:9142 --web.config.file=/etc/prometheus/node_exporter_web.yml

/etc/prometheus/node_exporter _web.yml:

tls_server_config:
  min_version: "TLS13"
  cert_file: "/etc/ssl/certs/REDACTED.crt"
  key_file: "/etc/prometheus/REDACTED.key"
  client_auth_type: "RequireAnyClientCert"
  client_ca_file: "/etc/ssl/letsencrypt/x1.pem"
basic_auth_users:
  USERREDACTED: PASSWORDREDACTED

node_exporter log output

http: TLS handshake error from REDACTEDIP:REDACTEDPORT remote error: tls: bad certificate

Are you running node_exporter in Docker?

No.

What did you do that produced an error?

Try to scrape metrics via TLS; this used to work but after certificate refresh suddenly stopped working.

What did you expect to see?

A useful error message.

What did you see instead?

Only the above shown "tls: bad certificate" without any further information on what was "bad" about the certificate.
At least in debug log mode I would expect something more useful.