|
| From: | David Jones |
| Subject: | Re: Issue with TCP test for HTTPS |
| Date: | Wed, 3 Jul 2019 18:38:30 +0000 |
|
We need more information to help. Can you check the same thing using curl or an NRPE plugin like check_http? There could be many things going on there like SNI, TLS verification, no CA file, Apache virtual hosts, IP bindings, etc. If you have a browser on
that server, try hitting the same URL. If you don't then try elinks or a text-based browser and see what it says when hitting that URL. Certs aren't going to match
https://localhost so VERIFY DISABLE must be set.
From: monit-general <monit-general-bounces+djones=address@hidden> on behalf of Guillaume François <address@hidden>
Sent: Wednesday, July 3, 2019 8:16 AM To: This is the general mailing list for monit Subject: Issue with TCP test for HTTPS Hello,
I'm using the last version of Monit 5.25.3 on a CentOS fully upgraded but since some updates I'm having an issue with this test on Apache HTTPD
if failed port 443 protocol https with timeout 15 seconds for 3 times within 5 cycles then alert
raising error:
[CEST Jul 3 15:05:00] warning : 'apache-ns353666-prod' failed protocol test [HTTP] at [localhost]:443 [TCP/IP TLS] -- SSL server certificate verification error: unable to get local issuer certificate
I use Monit binaries from the website and not the distribution packages (https://mmonit.com/monit/dist/binary/5.25.3/monit-5.25.3-linux-x64.tar.gz)
Also openssl version from OS is "OpenSSL 1.0.2k-fips 26 Jan 2017" but it should be an issue as openssl from with the binaries if I'm not wrong.
Do anyone have some clue how to make it work again ?
Regards.
|
| [Prev in Thread] | Current Thread | [Next in Thread] |