help request: APISIX cannot connect to etcd when Auth and TLS is enabled #11885

Open
mrostamii opened this issue Jan 3, 2025 · 0 comments

mrostamii commented Jan 3, 2025

Description

APISIX cannot connect to an etcd cluster node with Auth and TLS enabled.

Playing with etcdctl and touching that node from the APISIX node works fine:

etcdctl --endpoints=https://sub.etcd.staging.apisix.domain.com:2379 \
--cacert=/usr/local/apisix/certs/ca.pem \
--cert=/usr/local/apisix/certs/server.pem \
--key=/usr/local/apisix/certs/server-key.pem \
--user root:password \
get --prefix /apisix

/apisix/test
/apisix/test2

Also, putting and other operations work as expected this way.

APISIX's etcd config:

...
deployment:
  role_control_plane:
    config_provider: etcd
    conf_server:
      listen: 0.0.0.0:9280
...
  etcd:
    timeout: 30
    user: root
    password: password
    ssl_trusted_certificate: /usr/local/apisix/certs/ca.pem
    tls:
      cert: /usr/local/apisix/certs/server.pem
      key: /usr/local/apisix/certs/server-key.pem
      verify: true
    watch_timeout: 50
    startup_retry: 2
    host:
      - https://sub.etcd.staging.apisix.domain.com:2379
    prefix: /apisix
  admin:
...

I tested traditional deployment, data-plane, and control-plane mode, but the error was the same.

When I try to start APISIX:

apisix start
/usr/local/openresty//luajit/bin/luajit /usr/local/apisix/apisix/cli/apisix.lua start
got malformed auth message: "CommonName of client sending a request against gateway will be ignored and not used as expected
" from etcd "https://sub.etcd.staging.apisix.domain.com:2379/v3/auth/authenticate"

Environment

  • APISIX version: 3.11.0
  • Operating system: Linux rpc-s-apisix-htz-eu-1 6.8.0-48-generic #48-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 27 14:04:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
  • OpenResty / Nginx version: openresty/1.25.3.2
  • etcd version: docker - bitnami/etcd:3.5.17
@github-project-automation github-project-automation bot moved this to 📋 Backlog in Apache APISIX backlog Jan 3, 2025
@dosubot dosubot bot added the bug Something isn't working label Jan 3, 2025
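
Added example, not part of the original issue and not APISIX or etcd project code: the etcdctl check above speaks gRPC, while the failing URL in the error is the HTTP gateway path `/v3/auth/authenticate`, so this script replays that gateway request with the same certificates and prints the client certificate's CommonName, which the error text names. The endpoint and certificate paths are the ones from the issue; the `ETCD_PASSWORD` variable, the `run` argument and all function names are assumptions of this example, and the JSON body follows etcd's documented gateway API.

```shell
#!/bin/sh
# Added diagnostic example; function names and ETCD_PASSWORD are assumptions.
ENDPOINT="${ENDPOINT:-https://sub.etcd.staging.apisix.domain.com:2379}"
CERTS="${CERTS:-/usr/local/apisix/certs}"

# Print the subject line of the client certificate APISIX presents to etcd.
client_cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

# Extract the CommonName from an RFC 2253 subject line; prints nothing if
# the subject has no CN. (Does not handle escaped commas inside a CN.)
subject_cn() {
    printf '%s\n' "${1#subject=}" | tr ',' '\n' | sed -n 's/^ *CN=//p' | head -n 1
}

# Send the auth request to the HTTP gateway, the path shown in the error,
# using the same CA, client certificate and key as the APISIX config.
gateway_authenticate() {
    curl -sS --cacert "$CERTS/ca.pem" --cert "$CERTS/server.pem" \
         --key "$CERTS/server-key.pem" -X POST \
         -d "{\"name\":\"root\",\"password\":\"$ETCD_PASSWORD\"}" \
         "$ENDPOINT/v3/auth/authenticate"
}

# Classify a gateway reply body: a JSON token, the plain-text CommonName
# rejection quoted in the issue, or anything else.
classify_auth_body() {
    case "$1" in
        *'"token"'*) echo token ;;
        *"CommonName of client sending a request against gateway"*) echo cn_rejected ;;
        *) echo other ;;
    esac
}

main() {
    subject=$(client_cert_subject "$CERTS/server.pem") || return 1
    echo "client cert CN: $(subject_cn "$subject")"
    body=$(gateway_authenticate) || return 1
    echo "gateway reply: $(classify_auth_body "$body")"
}

# Only contact etcd when invoked as: ETCD_PASSWORD=... sh script.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

A `cn_rejected` result here, alongside a working etcdctl call, shows that the failure is specific to the gateway path and the certificate presented, not to the credentials or the CA chain.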