This is a confusing error message on Teleport's part that we are going to improve. Internally, Teleport sets up an addressing and naming convention that uses
teleport.cluster.local to dial the auth server by this constant name, regardless of the real IP/DNS name that is taken from the configuration.
This is done to make sure that X509 TLS certificates will verify when clients connect to servers regardless of the real IP/DNS name address.
We are going to improve the error messaging, but meanwhile just ignore this value. Most likely the real IP/DNS name is not accessible.
The auth server is a simple HTTPS server; one can check connectivity using the
curl -k command:
curl -k https://<auth-server-ip-or-dns>:<port>
If available, users will get a 404 response instead of a timeout.