Hi guys,
I've got 500+ servers running for a service, which are all monitored by Nagios.
On this one server, I cannot make just the NRPE nagios checks work (all other checks work, which are checking different services offered by the server on other ports).
The nrpe config file is the same on all 500+ servers, the installed apt packages (my servers are all running ubuntu 22.04) are all the same (& same versions), but NRPE checks don't work, with this error message being printed by Nagios:
CHECK_NRPE: Error - Could not connect to <IP>. Check system logs on <IP>
This is the only error I see in the system logs without enabling debug_mode:
nrpe[5701]: Error: (!log_opts) Could not complete SSL handshake with : 1
This is the more detailed error (with debug mode on):
nrpe[30350]: Error: (ERR_get_error_line_data = 167772353), Could not complete SSL handshake with : no shared cipher
nrpe[30350]: Error: This could be because you have not specified certificate or ca-certificate files
nrpe[30349]: Error: (ERR_get_error_line_data = 167772454), Could not complete SSL handshake with : unexpected eof while reading
Does anyone have a clue regarding what shall i do in order to get rid of this issue?
Many thanks in advance!
Could not complete SSL handshake with : 1
Re: Could not complete SSL handshake with : 1
catabava,
At first glance, this reads like an OpenSSL issue to me. What version of OpenSSL are you running on the affected servers? And is it different than the servers that are working properly?
The first thing I would try is to upgrade OpenSSL, but as always I recommend making a backup of the server should anything happen to go wrong. It's a relatively minor and reversible change, but you never know.
Best Regards,
Cory Norell
At first glance, this reads like an OpenSSL issue to me. What version of OpenSSL are you running on the affected servers? And is it different than the servers that are working properly?
The first thing I would try is to upgrade OpenSSL, but as always I recommend making a backup of the server should anything happen to go wrong. It's a relatively minor and reversible change, but you never know.
Best Regards,
Cory Norell
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Could not complete SSL handshake with : 1
Hi cnorell,
Unfortunately, I'm using the same OpenSSL version on all servers:
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
Best regards,
Catalin
Unfortunately, I'm using the same OpenSSL version on all servers:
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
Best regards,
Catalin
-
DoubleDoubleA
- Posts: 286
- Joined: Thu Feb 09, 2017 5:07 pm
Re: Could not complete SSL handshake with : 1
Hi @catabava,
The other possibility from the error logs is a certificate issue.
If that pointer doesn't get you resolution, you might diff this server against other servers that work and see if you can find something. I know you said they should be all the same but it has to be something.
Aaron
The other possibility from the error logs is a certificate issue.
If that pointer doesn't get you resolution, you might diff this server against other servers that work and see if you can find something. I know you said they should be all the same but it has to be something.
Aaron