check_http > CRITICAL - Cannot make SSL connection.
check_http > CRITICAL - Cannot make SSL connection.
Hello,
today I upgraded Nagios check_http plugin from version v2.1.4 to v2.2.1 and now I´am not able to check one of my https sites.
The result from v2.1.4 is:
./check_http -H websiteurl -S -e 401
HTTP OK: Status line output matched "401" - 1891 bytes in 0.270 second response time |time=0.270459s;;;0.000000 size=1891B;;;0
and with version v2.2.1:
./check_http -H websiteurl -S -e 401
CRITICAL - Cannot make SSL connection.
the command with --vv:
./check_http -H websiteurl -S -e 401 -vv
CRITICAL - Cannot make SSL connection.
SSL initialized
Nagios Core running on latest Debian with openssl 1.1.0f-3+deb9u2.
Thanks for you help, Regards,
Petr
today I upgraded Nagios check_http plugin from version v2.1.4 to v2.2.1 and now I´am not able to check one of my https sites.
The result from v2.1.4 is:
./check_http -H websiteurl -S -e 401
HTTP OK: Status line output matched "401" - 1891 bytes in 0.270 second response time |time=0.270459s;;;0.000000 size=1891B;;;0
and with version v2.2.1:
./check_http -H websiteurl -S -e 401
CRITICAL - Cannot make SSL connection.
the command with --vv:
./check_http -H websiteurl -S -e 401 -vv
CRITICAL - Cannot make SSL connection.
SSL initialized
Nagios Core running on latest Debian with openssl 1.1.0f-3+deb9u2.
Thanks for you help, Regards,
Petr
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: check_http > CRITICAL - Cannot make SSL connection.
when you put websiteurl can you be more specific
is it host.domain.com or
https://host.domain.com or
https://host.domain.com/path/to/page or
https://host.domain.com:customport/path/to/page
is it host.domain.com or
https://host.domain.com or
https://host.domain.com/path/to/page or
https://host.domain.com:customport/path/to/page
Re: check_http > CRITICAL - Cannot make SSL connection.
Hello,
this is internal web site with certificate issued by local CA. The certificate is SHA1.
I use this command with my own domain:
./check_http -H eusupport.xxxx.com -S -u /CAisd/pdmweb.exe -e 401
I have more internal sites which used SSL certificate from trusted external CA and there is no problem.
this is internal web site with certificate issued by local CA. The certificate is SHA1.
I use this command with my own domain:
./check_http -H eusupport.xxxx.com -S -u /CAisd/pdmweb.exe -e 401
I have more internal sites which used SSL certificate from trusted external CA and there is no problem.
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: check_http > CRITICAL - Cannot make SSL connection.
you may need to add --sni
Otherwise I'm not sure what it could be, I just tested with our live server and get expected output
Code: Select all
--sni
Enable SSL/TLS hostname extension support (SNI)
Code: Select all
./check_http -H assets.nagios.com -S -u /downloads/nagios-log-server/2/virtualpc/ -e 403
Re: check_http > CRITICAL - Cannot make SSL connection.
with --sni I received the same result.
./check_http -H eusupport.xxxxx.com -S -u /CAisd/pdmweb.exe -e 401 --sni
CRITICAL - Cannot make SSL connection.
There must be some change between version 2.1.4 and 2.2.1. With 2.1.4 there is no issue. I don´t know what differences are there.
As I wrote, the problem is only with one of my internal servers. Other server are OK.
./check_http -H eusupport.xxxxx.com -S -u /CAisd/pdmweb.exe -e 401 --sni
CRITICAL - Cannot make SSL connection.
There must be some change between version 2.1.4 and 2.2.1. With 2.1.4 there is no issue. I don´t know what differences are there.
As I wrote, the problem is only with one of my internal servers. Other server are OK.
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: check_http > CRITICAL - Cannot make SSL connection.
Do the internal server force a specific SSL type, you can specify that
or specific keys
Code: Select all
-S, --ssl=VERSION[+]
Connect via SSL. Port defaults to 443. VERSION is optional, and prevents
auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,
1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted.
Code: Select all
-J, --client-cert=FILE
Name of file that contains the client certificate (PEM format)
to be used in establishing the SSL session
-K, --private-key=FILE
Name of file containing the private key (PEM format)
matching the client certificate
Re: check_http > CRITICAL - Cannot make SSL connection.
I tried the command with S1, S1.1 and 1.2
./check_http -H eusupport.xxxxxx.com -S1 -u /CAisd/pdmweb.exe -e 401
with the same result:
CRITICAL - Cannot make SSL connection.
with S2 and S3 I receive:
UNKNOWN - SSL protocol version 3 is not supported by your SSL library.
./check_http -H eusupport.xxxxxx.com -S1 -u /CAisd/pdmweb.exe -e 401
with the same result:
CRITICAL - Cannot make SSL connection.
with S2 and S3 I receive:
UNKNOWN - SSL protocol version 3 is not supported by your SSL library.
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: check_http > CRITICAL - Cannot make SSL connection.
I did see another thread with similar issue and it was the ssl package on the nagios server
https://support.nagios.com/forum/viewto ... =6&t=43852
https://support.nagios.com/forum/viewto ... =6&t=43852
Re: check_http > CRITICAL - Cannot make SSL connection.
I already found this topic but it dies not help me. I already have installed latest version of openssl and libssl-dev and check_http was compiled with these versions but the problem is still there.
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: check_http > CRITICAL - Cannot make SSL connection.
I'm sorry, currently I am really out of ideas what could be causing the issue and am unable to replicate it.
I will leave the thread open in case another community member has seen the same behavior.
I will leave the thread open in case another community member has seen the same behavior.