Redis Sentinel can't connect to master(tls)

environment redis version: 6.0-rc3 1 master 2 replicas 3 sentinel

redis server config:

[root@sentinel1 /]# grep ^tls- /etc/redis/6379.conf
tls-port 6379
tls-cert-file /etc/redis/ssl/6379/redis.crt
tls-key-file /etc/redis/ssl/6379/redis.key
tls-ca-cert-file /etc/redis/ssl/6379/ca.crt
tls-auth-clients yes
tls-replication yes
tls-cluster yes
tls-protocols TLSv1.2
tls-prefer-server-ciphers yes

sentinel config:

[root@sentinel1 /]# cat /etc/redis/sentinel_26379.conf
# Ansible managed: Do NOT edit this file manually!
daemonize yes
port 26379
dir "/var/lib/redis/sentinel_26379"
bind 0.0.0.0
logfile "/var/log/redis/sentinel_26379.log"
pidfile "/var/run/sentinel_26379.pid"
protected-mode yes
loglevel debug

sentinel myid 4350cbf4fff94dffd4bbc506baffddfaaf14d2b5
sentinel deny-scripts-reconfig yes
sentinel monitor master 172.17.0.2 6379 2
sentinel down-after-milliseconds master 5000
tls-replication yes
tls-ca-cert-file "/etc/redis/ssl/6379/ca.crt"
tls-cert-file "/etc/redis/ssl/6379/redis.crt"
tls-key-file "/etc/redis/ssl/6379/redis.key"
# Generated by CONFIG REWRITE
supervised systemd
user default on nopass ~* +@all
sentinel config-epoch master 0
sentinel leader-epoch master 0
sentinel current-epoch 0

redis server error log:

67757:M 07 Apr 2020 08:20:11.216 # Error accepting a client connection: (null)
67757:M 07 Apr 2020 08:20:11.216 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:11.681 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:11.681 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:11.695 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:11.695 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:12.225 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:12.225 # Error accepting a client connection: (null)
67757:M 07 Apr 2020 08:20:12.692 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:12.692 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:12.733 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:12.733 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:13.277 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:13.277 # Error accepting a client connection: (null)
67757:M 07 Apr 2020 08:20:13.698 # Error accepting a client connection: (null)
67757:M 07 Apr 2020 08:20:13.698 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:13.783 # Error accepting a client connection: (null)
67757:M 07 Apr 2020 08:20:13.783 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:14.290 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:14.290 # Error accepting a client connection: (null)
67757:M 07 Apr 2020 08:20:14.753 # Error accepting a client connection: (null) (conn: fd=10)
67757:M 07 Apr 2020 08:20:14.753 # Error accepting a client connection: (null)

Comment From: elxakpe

Try to add tls-port option to the sentinel.conf as it seems to enable TLS support in general and the same is stated in documentation. For me the below two statements added to sentinel.conf on a top of the rest of TLS configuration actually made the trick.

tls-port 26379 port 0

Comment From: ghost

I had a similar issue. Same error in logs. In my case I forgot to switch sentinel (in sentinel.conf) to tls with

tls-replication yes

seems that disable non-tls port with port 0 is not enough...

Comment From: yossigo

Closing this issue, if needed please re-open with more information.