Nagios Support Forum

Hi all,

I've setup a site to monitor (via website wizard) thats ssl only (no http -> https redirect) and the service checks are all working fine. The host check is failing with a "Connection refused
HTTP CRITICAL - Unable to open TCP socket" message, as if something is still trying to connect to port 80 on that box.

This problem doesnt seem to happen when monitoring a site that has an http -> https redirect in place. I've checked the commands that are being run and everything i've seen thats using check_http is correctly specifying -S and -p 443.

Any ideas?

Thanks!
BJ

Hello BJ,


It sounds like you set this up properly but lets cover a few things as I have run a few tests here:

a) http://[server.ip.address.here]/nagiosxi/config/

b) "Run the Monitoring Wizard"

c) Step 1
Choose "Website"

d) Step 2
enter full secure website URL
e.g.: https://www.paypal.com/

e) Step 3
"Use SSL"
and
"Port: 443"
should already be enbaled

(choose any other options needed)

next (config options) > next (config options)
By default, this should have worked.

I noticed when going into Host Detail > site > Configure Tab
and hand editing Address to a "https://" this throws the same error:
"Name or service not known
HTTP CRITICAL - Unable to open TCP socket"

Could you check that and respond when convenient please?

Thanks!

Hi Rene,

I changed it to an https:// address under site:configure tab and that didnt make any difference (same behavior you reported). Again, if the target site supports http as well as https (even if http just redirects to https), it works fine. Its like theres still some type of port 80 check happening.

Thanks so much for your help!
-BJ

That sounds strange. Our SSL sites support both HTTP and HTTPS, so we can't test an SSL-only site. Has anyone else run into this problem? Alternatively, is there an HTTPS-only site out there that doesn't do an HTTP->HTTPS redirect that we can test against?

try this:

https://esta.cbp.dhs.gov

I am going to run this site on a test server and see what may be causing issues.

HTTP and PING are indeed critical but I am also seeing that this site is not resolving normally as well with just an attempt to access the site via the web (with 63.167.255.44 showing as IP), it looks as if it is reporting as it should:

HTTP
Critical 1m 48s 1/5 2011-01-17 04:09:34 HTTP CRITICAL - No data received from host

Ping
Critical 53s 1/5 2011-01-17 04:10:29 CRITICAL - esta.cbp.dhs.gov: rta nan, lost 100%

Thats the thing - I dont want an http check performed. I only want https so things appear correctly GREEN. I dont understand why its checking for http when its only been told to check for https. Seems like its assuming that everyone is always going to implement an http -> https redirect.

Thanks!

I have done a few tests and the latest with https://www.fortify.net/sslcheck.htmlwhich all comes up fine. Using the https://www.fortify.net/sslcheck.html link during the website monitoring wizard with checked box of SSL and port 443 has it monitoring by SSL only.
Also, the sites.google.com and paypal were also what I was using last week but I wanted to do a fresh one from scratch to be sure.

Thanks for the reply. I did notice that you can still access that page via: http://www.fortify.net/sslcheck.html and it works, which it why your check is succeeding.