monit-general
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HTTPS connection to mmonit

From: Mr Subs
Subject: Re: HTTPS connection to mmonit
Date: Wed, 1 May 2019 17:06:16 +0100 
Thanks for the advice. I have made some progress, but am now getting another 
error.

I changed server.xml, so the Host address=“172.31.24.86” (which is the private 
IP address, even though I am connecting to it via it’s public IP address. The 
domain name is correct, and is public DNS.

Now, when connecting, mmonit -id reports:
2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140940E5:SSL 
routines:ssl3_read_bytes:ssl handshake failure
2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140940E5:SSL 
routines:ssl3_read_bytes:ssl handshake failure
2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140A1175:SSL 
routines:ssl_bytes_to_cipher_list:inappropriate fallback

Any other ideas?

Thanks

> On 1 May 2019, at 00:14, Jan-Henrik Haukeland <address@hidden> wrote:
> 
>> What is strange is that 172.31.24.86 is neither the address of my server OR 
>> my client - it is completely unknown to me (and a reverse lookup just tells 
>> me it is a private address).
> 
> 172.31.24.86 is part of a private IP-range, like 192.168.0.0 and 10.0.0.0 and 
> probably setup by the system you use or your network admin. 
> 
>> I have tried with both the supplied mmonit.pem and a self-generated 
>> certificate, but I get the same error.
>> 
>> The bits of server.xml that I changed are:
>> 
>> <Connector scheme="https" address="*" port="8443" processors="10" 
>> secure="true" />
>> ..
>> <Engine name="mmonit" defaultHost=“my-hostname.com" fileCache="10MB">
>> ..
>> <Host address=“xx.xx.xx.xx" name="my-hostname.com" appBase="." 
>> certificate="conf/mmonit.pem” >
>> 
>> Any ideas on what I have misconfigured?
> 
> When configuring SSL it is important that your hostname is in DNS, you can 
> unfortunately not just invent a hostname here. The name attribute in <Host> 
> (and defaultHost in <Engine>) must point to a real hostname in DNS.  If 
> “my-hostname.com” is not in DNS try using your IP address instead. You must 
> then access mmonit using https://<your-ip-address>/ The manual and the 
> chapter about setting up M/Monit with SSL has more information, 
> https://mmonit.com/documentation/mmonit_manual.pdf
> 
> Best regards
> -- 
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general
reply via email to
[Prev in Thread] Current Thread [Next in Thread]