
I want to add a 3rd orderer node and I copied the steps from when I made the 2nd orderer node; however, it gives a "connection refused" error


I want to add a new orderer node to the test-network and, as the first step, I ran the script below.

orderer.sh

export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com

echo "Registering orderer2"
set -x
fabric-ca-client register --caname ca-orderer --id.name orderer2 --id.secret orderer2pw --id.type orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem"
{ set +x; } 2>/dev/null

echo "Registering the orderer2 admin"
set -x
fabric-ca-client register --caname ca-orderer --id.name orderer2Admin --id.secret orderer2Adminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem"
{ set +x; } 2>/dev/null

echo "Generating the orderer2 msp"
set -x
fabric-ca-client enroll -u https://orderer2:orderer2pw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp" --csr.hosts orderer2.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem"
{ set +x; } 2>/dev/null

cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/config.yaml"

echo "Generating the orderer2-tls certificates"
set -x
fabric-ca-client enroll -u https://orderer2:orderer2pw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls" --enrollment.profile tls --csr.hosts orderer2.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem"
{ set +x; } 2>/dev/null

cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/ca.crt"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.key"

mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/tlscacerts"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"

And the log is as below.

Registering orderer2
++ fabric-ca-client register --caname ca-orderer --id.name orderer2 --id.secret orderer2pw --id.type orderer --tls.certfiles /home/nurin/fabric-samples/test-network/organizations/fabric-ca/ordererOrg/tls-cert.pem
2022/10/13 12:34:17 [INFO] Configuration file location: /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/fabric-ca-client-config.yaml
2022/10/13 12:34:17 [INFO] TLS Enabled
2022/10/13 12:34:17 [INFO] TLS Enabled
Password: orderer2pw
Registering the orderer2 admin
++ fabric-ca-client register --caname ca-orderer --id.name orderer2Admin --id.secret orderer2Adminpw --id.type admin --tls.certfiles /home/nurin/fabric-samples/test-network/organizations/fabric-ca/ordererOrg/tls-cert.pem
2022/10/13 12:34:18 [INFO] Configuration file location: /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/fabric-ca-client-config.yaml
2022/10/13 12:34:18 [INFO] TLS Enabled
2022/10/13 12:34:18 [INFO] TLS Enabled
Password: orderer2Adminpw
Generating the orderer2 msp
++ fabric-ca-client enroll -u https://orderer2:orderer2pw@localhost:9054 --caname ca-orderer -M /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp --csr.hosts orderer2.example.com --csr.hosts localhost --tls.certfiles /home/nurin/fabric-samples/test-network/organizations/fabric-ca/ordererOrg/tls-cert.pem
2022/10/13 12:34:18 [INFO] TLS Enabled
2022/10/13 12:34:18 [INFO] generating key: &{A:ecdsa S:256}
2022/10/13 12:34:18 [INFO] encoded CSR
2022/10/13 12:34:18 [INFO] Stored client certificate at /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/signcerts/cert.pem
2022/10/13 12:34:18 [INFO] Stored root CA certificate at /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/cacerts/localhost-9054-ca-orderer.pem
2022/10/13 12:34:18 [INFO] Stored Issuer public key at /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/IssuerPublicKey
2022/10/13 12:34:18 [INFO] Stored Issuer revocation public key at /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/IssuerRevocationPublicKey
Generating the orderer2-tls certificates
++ fabric-ca-client enroll -u https://orderer2:orderer2pw@localhost:9054 --caname ca-orderer -M /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls --enrollment.profile tls --csr.hosts orderer2.example.com --csr.hosts localhost --tls.certfiles /home/nurin/fabric-samples/test-network/organizations/fabric-ca/ordererOrg/tls-cert.pem
2022/10/13 12:34:18 [INFO] TLS Enabled
2022/10/13 12:34:18 [INFO] generating key: &{A:ecdsa S:256}
2022/10/13 12:34:18 [INFO] encoded CSR
2022/10/13 12:34:18 [INFO] Stored client certificate at /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/signcerts/cert.pem
2022/10/13 12:34:18 [INFO] Stored TLS root CA certificate at /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/tlscacerts/tls-localhost-9054-ca-orderer.pem
2022/10/13 12:34:18 [INFO] Stored Issuer public key at /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/IssuerPublicKey
2022/10/13 12:34:18 [INFO] Stored Issuer revocation public key at /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/IssuerRevocationPublicKey

Next, I want to add a new orderer node to the test-network, so right after running orderer.sh, I ran orderer3.sh as below.

orderer3.sh

export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com

echo "Registering orderer3"
set -x
fabric-ca-client register --caname ca-orderer --id.name orderer3 --id.secret orderer3pw --id.type orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem"
{ set +x; } 2>/dev/null

echo "Registering the orderer3 admin"
set -x
fabric-ca-client register --caname ca-orderer --id.name orderer3Admin --id.secret orderer3Adminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem"
{ set +x; } 2>/dev/null

echo "Generating the orderer3 msp"
set -x
fabric-ca-client enroll -u https://orderer3:orderer3pw@localhost:10054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp" --csr.hosts orderer3.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem"
{ set +x; } 2>/dev/null

cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp/config.yaml"

echo "Generating the orderer3-tls certificates"
set -x
fabric-ca-client enroll -u https://orderer3:orderer3pw@localhost:10054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls" --enrollment.profile tls --csr.hosts orderer3.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem"
{ set +x; } 2>/dev/null

cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/ca.crt"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.key"

mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp/tlscacerts"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"

However, it gives me the log below, which I know has a problem somewhere.

Registering orderer3
++ fabric-ca-client register --caname ca-orderer --id.name orderer3 --id.secret orderer3pw --id.type orderer --tls.certfiles /home/nurin/fabric-samples/test-network/organizations/fabric-ca/ordererOrg/tls-cert.pem
2022/10/13 12:36:01 [INFO] Configuration file location: /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/fabric-ca-client-config.yaml
2022/10/13 12:36:01 [INFO] TLS Enabled
2022/10/13 12:36:01 [INFO] TLS Enabled
Password: orderer3pw
Registering the orderer3 admin
++ fabric-ca-client register --caname ca-orderer --id.name orderer3Admin --id.secret orderer3Adminpw --id.type admin --tls.certfiles /home/nurin/fabric-samples/test-network/organizations/fabric-ca/ordererOrg/tls-cert.pem
2022/10/13 12:36:01 [INFO] Configuration file location: /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/fabric-ca-client-config.yaml
2022/10/13 12:36:01 [INFO] TLS Enabled
2022/10/13 12:36:01 [INFO] TLS Enabled
Password: orderer3Adminpw
Generating the orderer3 msp
++ fabric-ca-client enroll -u https://orderer3:orderer3pw@localhost:10054 --caname ca-orderer -M /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp --csr.hosts orderer3.example.com --csr.hosts localhost --tls.certfiles /home/nurin/fabric-samples/test-network/organizations/fabric-ca/ordererOrg/tls-cert.pem
2022/10/13 12:36:01 [INFO] TLS Enabled
2022/10/13 12:36:01 [INFO] generating key: &{A:ecdsa S:256}
2022/10/13 12:36:01 [INFO] encoded CSR
Error: POST failure of request: POST https://localhost:10054/enroll
{"hosts":["orderer3.example.com","localhost"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBWDCB/wIBADBgMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xp\nbmExFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZGYWJyaWMxETAPBgNV\nBAMTCG9yZGVyZXIzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPvVEes6g0eYX\nkydTesEVHqwJZEJCwLo9Eaj8bWPryCbaXNARGPtODWWIr5rG0Lx9bu8MoDBV+VBs\nfCTrRb74/aA9MDsGCSqGSIb3DQEJDjEuMCwwKgYDVR0RBCMwIYIUb3JkZXJlcjMu\nZXhhbXBsZS5jb22CCWxvY2FsaG9zdDAKBggqhkjOPQQDAgNIADBFAiEA2ykvYwnZ\n23+D++kbKNcCubf0HiOcLMg4/1hIgt95Xb4CIF3WkSQZG0a6CFGfYDaVQ60lpnEJ\nB5+7MKbQkAo0wDCG\n-----END CERTIFICATE REQUEST-----\n","profile":"","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","ReturnPrecert":false,"CAName":"ca-orderer"}: Post "https://localhost:10054/enroll": dial tcp [::1]:10054: connect: connection refused
Generating the orderer3-tls certificates
++ fabric-ca-client enroll -u https://orderer3:orderer3pw@localhost:10054 --caname ca-orderer -M /home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls --enrollment.profile tls --csr.hosts orderer3.example.com --csr.hosts localhost --tls.certfiles /home/nurin/fabric-samples/test-network/organizations/fabric-ca/ordererOrg/tls-cert.pem
2022/10/13 12:36:02 [INFO] TLS Enabled
2022/10/13 12:36:02 [INFO] generating key: &{A:ecdsa S:256}
2022/10/13 12:36:02 [INFO] encoded CSR
Error: POST failure of request: POST https://localhost:10054/enroll
{"hosts":["orderer3.example.com","localhost"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBVzCB/wIBADBgMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xp\nbmExFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZGYWJyaWMxETAPBgNV\nBAMTCG9yZGVyZXIzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9qSbkTNhWHzN\nbT6t6agPRTndHd0kS3DW5Hr8l1yDXV4/T6DZd/YL5cY/xch1YRhSx3aicmJFXpYL\nbwmUSgBIO6A9MDsGCSqGSIb3DQEJDjEuMCwwKgYDVR0RBCMwIYIUb3JkZXJlcjMu\nZXhhbXBsZS5jb22CCWxvY2FsaG9zdDAKBggqhkjOPQQDAgNHADBEAiBfExPC9fm/\nnNMFpVrMOhZwy8iuVvTulg/LG03+/omZigIgcb1Rsd1Fh7XBCQETVq/2gnxoYASq\n2AlsnkcmclzvSXw=\n-----END CERTIFICATE REQUEST-----\n","profile":"tls","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","ReturnPrecert":false,"CAName":"ca-orderer"}: Post "https://localhost:10054/enroll": dial tcp [::1]:10054: connect: connection refused
cp: cannot stat '/home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/tlscacerts/*': No such file or directory
cp: cannot stat '/home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/signcerts/*': No such file or directory
cp: cannot stat '/home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/tlscacerts/*': No such file or directory

I only changed orderer2 to orderer3 and the port number from 9054 (for orderer2) to 10054 (for orderer3). My question is: why do I get the errors below? And why didn't it go well like it did with orderer.sh?

Error: POST failure of request: POST https://localhost:10054/enroll
{"hosts":["orderer3.example.com","localhost"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBWDCB/wIBADBgMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xp\nbmExFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZGYWJyaWMxETAPBgNV\nBAMTCG9yZGVyZXIzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPvVEes6g0eYX\nkydTesEVHqwJZEJCwLo9Eaj8bWPryCbaXNARGPtODWWIr5rG0Lx9bu8MoDBV+VBs\nfCTrRb74/aA9MDsGCSqGSIb3DQEJDjEuMCwwKgYDVR0RBCMwIYIUb3JkZXJlcjMu\nZXhhbXBsZS5jb22CCWxvY2FsaG9zdDAKBggqhkjOPQQDAgNIADBFAiEA2ykvYwnZ\n23+D++kbKNcCubf0HiOcLMg4/1hIgt95Xb4CIF3WkSQZG0a6CFGfYDaVQ60lpnEJ\nB5+7MKbQkAo0wDCG\n-----END CERTIFICATE REQUEST-----\n","profile":"","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","ReturnPrecert":false,"CAName":"ca-orderer"}: Post "https://localhost:10054/enroll": dial tcp [::1]:10054: connect: connection refused



Error: POST failure of request: POST https://localhost:10054/enroll
{"hosts":["orderer3.example.com","localhost"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBVzCB/wIBADBgMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xp\nbmExFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZGYWJyaWMxETAPBgNV\nBAMTCG9yZGVyZXIzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9qSbkTNhWHzN\nbT6t6agPRTndHd0kS3DW5Hr8l1yDXV4/T6DZd/YL5cY/xch1YRhSx3aicmJFXpYL\nbwmUSgBIO6A9MDsGCSqGSIb3DQEJDjEuMCwwKgYDVR0RBCMwIYIUb3JkZXJlcjMu\nZXhhbXBsZS5jb22CCWxvY2FsaG9zdDAKBggqhkjOPQQDAgNHADBEAiBfExPC9fm/\nnNMFpVrMOhZwy8iuVvTulg/LG03+/omZigIgcb1Rsd1Fh7XBCQETVq/2gnxoYASq\n2AlsnkcmclzvSXw=\n-----END CERTIFICATE REQUEST-----\n","profile":"tls","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","ReturnPrecert":false,"CAName":"ca-orderer"}: Post "https://localhost:10054/enroll": dial tcp [::1]:10054: connect: connection refused
cp: cannot stat '/home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/tlscacerts/*': No such file or directory
cp: cannot stat '/home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/signcerts/*': No such file or directory
cp: cannot stat '/home/nurin/fabric-samples/test-network/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/tlscacerts/*': No such file or directory

Solution

  • The problem was due to the wrong port number in the fabric-ca-client command.

    The original that I made.

    fabric-ca-client enroll -u https://orderer3:orderer3pw@localhost:10054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp" --csr.hosts orderer3.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem"
    { set +x; } 2>/dev/null
    
    fabric-ca-client enroll -u https://orderer3:orderer3pw@localhost:10054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls" --enrollment.profile tls --csr.hosts orderer3.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem"
    { set +x; } 2>/dev/null
    

    The solution.

    fabric-ca-client enroll -u https://orderer3:orderer3pw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp" --csr.hosts orderer3.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem"
    { set +x; } 2>/dev/null
    
    fabric-ca-client enroll -u https://orderer3:orderer3pw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls" --enrollment.profile tls --csr.hosts orderer3.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem"
    { set +x; } 2>/dev/null
    

    When I checked /compose/compose-ca.yaml, I realized the port number is 9054, and in the fabric-ca-client command, the localhost is referring to the FABRIC_CA_SERVER_PORT.

    If you get this kind of error, I would suggest that you check the YAML file for your Certificate Authority (CA) and check the port number there.
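
Added example (not part of the original answer or of fabric-samples): a pre-flight check for the advice above that reads FABRIC_CA_SERVER_PORT for a given CA name from the compose file and compares it with the port in the enroll URL before fabric-ca-client is run. The function names and the embedded compose fragment are constructed for illustration, and matching a service by FABRIC_CA_SERVER_CA_NAME assumes the compose file sets that variable.

```sh
#!/bin/sh
# Added example: function names and sample data are assumptions, not project code.

# Print the FABRIC_CA_SERVER_PORT of the compose service whose
# FABRIC_CA_SERVER_CA_NAME equals $2. $1 is the compose file.
ca_port_for() {
  awk -v want="$2" '
    function emit() { if (name == want && port != "") print port; name = ""; port = "" }
    /^  [A-Za-z0-9_.-]+:[ \t]*$/ { emit() }   # a new service block starts
    /FABRIC_CA_SERVER_CA_NAME=/ { name = $0; sub(/.*FABRIC_CA_SERVER_CA_NAME=/, "", name); gsub(/[" \t\r]/, "", name) }
    /FABRIC_CA_SERVER_PORT=/    { port = $0; sub(/.*FABRIC_CA_SERVER_PORT=/, "", port); gsub(/[" \t\r]/, "", port) }
    END { emit() }
  ' "$1"
}

# Return 0 when the port in enroll URL $1 matches the port that CA $3 listens
# on according to compose file $2; 1 on mismatch; 2 if the CA is not found.
# The message prints host:port only, never the id:secret part of the URL.
check_enroll_url() {
  ceu_host=${1#*://}          # drop the scheme
  ceu_host=${ceu_host##*@}    # drop id:secret@
  ceu_host=${ceu_host%%/*}    # drop any path
  ceu_port=${ceu_host##*:}
  ceu_want=$(ca_port_for "$2" "$3")
  if [ -z "$ceu_want" ]; then
    echo "no CA named $3 found in $2" >&2; return 2
  fi
  if [ "$ceu_port" != "$ceu_want" ]; then
    echo "enroll URL targets $ceu_host but $3 listens on port $ceu_want" >&2
    return 1
  fi
}

# Constructed sample shaped like a compose file with two CA services.
sample_compose() {
  cat <<'EOF'
services:
  ca_org1:
    environment:
      - FABRIC_CA_SERVER_CA_NAME=ca-org1
      - FABRIC_CA_SERVER_PORT=7054
  ca_orderer:
    environment:
      - FABRIC_CA_SERVER_CA_NAME=ca-orderer
      - FABRIC_CA_SERVER_PORT=9054
    ports:
      - "9054:9054"
EOF
}

compose=$(mktemp) && sample_compose > "$compose"
check_enroll_url "https://orderer3:orderer3pw@localhost:10054" "$compose" ca-orderer || echo "skip enroll: fix the port first"
check_enroll_url "https://orderer3:orderer3pw@localhost:9054" "$compose" ca-orderer && echo "port matches, safe to enroll"
rm -f "$compose"
```

Calling check_enroll_url before each enroll, and stopping the script when it fails, also avoids the follow-on cp errors seen in the log, since the copy steps never run against directories that enrollment did not create.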