monit-general
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue with TCP test for HTTPS


From: David Jones
Subject: Re: Issue with TCP test for HTTPS
Date: Wed, 3 Jul 2019 18:38:30 +0000

We need more information to help.  Can you check the same thing using curl or an NRPE plugin like check_http?  There could be many things going on there like SNI, TLS verification, no CA file, Apache virtual hosts, IP bindings, etc.  If you have a browser on that server, try hitting the same URL.  If you don't then try elinks or a text-based browser and see what it says when hitting that URL.  Certs aren't going to match https://localhost so VERIFY DISABLE must be set.

https://mmonit.com/monit/documentation/monit.html#SSL-OPTIONS


From: monit-general <monit-general-bounces+djones=address@hidden> on behalf of Guillaume Fran├žois <address@hidden>
Sent: Wednesday, July 3, 2019 8:16 AM
To: This is the general mailing list for monit
Subject: Issue with TCP test for HTTPS
 
Hello,

I'm using the last version of Monit 5.25.3 on a CentOS fully upgraded but since some updates I'm having an issue with this test on Apache HTTPD

if failed port 443 protocol https with timeout 15 seconds for 3 times within 5 cycles then alert

raising error:

[CEST Jul  3 15:05:00] warning  : 'apache-ns353666-prod' failed protocol test [HTTP] at [localhost]:443 [TCP/IP TLS] -- SSL server certificate verification error: unable to get local issuer certificate

I use Monit binaries from the website and not the distribution packages (https://mmonit.com/monit/dist/binary/5.25.3/monit-5.25.3-linux-x64.tar.gz)
Also openssl version from OS is "OpenSSL 1.0.2k-fips  26 Jan 2017" but it should be an issue as openssl from with the binaries if I'm not wrong.

Do anyone have some clue how to make it work again ?

Regards.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]