For some reason *suggested by Cloudflare support as a lack of SNI
support in my app* whenever I try to monitor HTTPS availability on a
website using Cloudflare I get this error all the time:

> CRITICAL - Cannot make SSL connection.
> 
> 47521318531152:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert 
> internal error:s23_clnt.c:770:

Enabling vars.http_sni = "true" in the host declaration has no effect,
and the debug.log clearly states the plugin is using the --sni flag:

> Running command '/usr/lib/nagios/plugins/check_http' '--sni' '-A' 
> 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0' 
> '-I' '<target>' '-S' '-s' 'UP': PID 4436

> notice/Process: PID 4436 ('/usr/lib/nagios/plugins/check_http' '--sni' '-A' 
> 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0' 
> '-I' '<target>' '-S' '-s' 'UP') terminated with exit code 2

Don't mind the user agent. That's there for other purposes.

Any hints on this? I've also sent an email to whoever manages the Debian
monitoring-plugins metapackage, and if it can be 'fixed' I will post
an update. It's possible I'll have to email the devs at OpenSSL, since
issuing
openssl s_client -connect <target>:443
gives the same error.

PS: some suggested that this has to do with web servers no longer
accepting SSLv1/2/3 and TLS v1/2 and many related ciphers, since they
were proven insecure. Either way, can't monitor the websites using icinga2.
