|
From: | Paul Theodoropoulos |
Subject: | Re: HTTPS connection to mmonit |
Date: | Wed, 1 May 2019 10:40:11 -0700 |
User-agent: | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 |
Is there any chance you could share the actual
URL you are using? If, as you mentioned the server has publi DNS
and is in the cloud on a public machine, there's really no
additional risk to sharing it here - within minutes of it being on
the public internet, it will be probed relentlessly by bots and
malefactors - the handful of readers of this list will pose no
additional threat. Working blind on the issue makes it much harder for others to assist. We can only guess at the failure modes for the most part. On 5/1/19 09:06, Mr Subs wrote:
Thanks for the advice. I have made some progress, but am now getting another error. I changed server.xml, so the Host address=“172.31.24.86” (which is the private IP address, even though I am connecting to it via it’s public IP address. The domain name is correct, and is public DNS. Now, when connecting, mmonit -id reports: 2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure 2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure 2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140A1175:SSL routines:ssl_bytes_to_cipher_list:inappropriate fallback Any other ideas? ThanksOn 1 May 2019, at 00:14, Jan-Henrik Haukeland <address@hidden> wrote:What is strange is that 172.31.24.86 is neither the address of my server OR my client - it is completely unknown to me (and a reverse lookup just tells me it is a private address).172.31.24.86 is part of a private IP-range, like 192.168.0.0 and 10.0.0.0 and probably setup by the system you use or your network admin.I have tried with both the supplied mmonit.pem and a self-generated certificate, but I get the same error. The bits of server.xml that I changed are: <Connector scheme="https" address="*" port="8443" processors="10" secure="true" /> .. <Engine name="mmonit" defaultHost=“my-hostname.com" fileCache="10MB"> .. <Host address=“xx.xx.xx.xx" name="my-hostname.com" appBase="." certificate="conf/mmonit.pem” > Any ideas on what I have misconfigured?When configuring SSL it is important that your hostname is in DNS, you can unfortunately not just invent a hostname here. The name attribute in <Host> (and defaultHost in <Engine>) must point to a real hostname in DNS. If “my-hostname.com” is not in DNS try using your IP address instead. You must then access mmonit using https://<your-ip-address>/ The manual and the chapter about setting up M/Monit with SSL has more information, https://mmonit.com/documentation/mmonit_manual.pdf Best regards -- To unsubscribe: https://lists.nongnu.org/mailman/listinfo/monit-general -- Paul Theodoropoulos www.anastrophe.com |
[Prev in Thread] | Current Thread | [Next in Thread] |