check_http returns with error "cannot make SSL connection" on icinga2

  • Hi,


    I hope someone can help with the following issue.


    Currently I'm using check_http with Icinga2. The system works fine as long as I'm not checking for the SSL Cert.


    I'm able to process the command via shell with "check_http -S -H 'some website' -C30" with proper results


    however when I try to process the command via the host file the GUI is not able to process the command properly.


    Is this a known issue or am I missing a setting?


    my command file


    import "plugin-check-command"


    command = [ PluginDir + "/check_http" ]


    arguments = {
    "-H" = "$http_vhost$"
    "-I" = "$http_address$"
    "-u" = "$http_uri$"
    "-p" = "$http_port$"
    "-S" = "$http_ssl$"
    "-C" = "$http_cert$"
    }


    vars.http_ssl="1"
    }





    my service conf file


    apply Service for (check_ssl => config in host.vars.check_ssl_cert) {
    import "generic-service"
    check_command = "check_ssl"

    vars += config
    }


    My Host conf file

    import "web-host"


    vars.os = "WindowsWeb"
    vars.environment = "LegProd"



    vars.check_ssl_cert ["name of check"] = {
    http_address = "website address"
    http_ssl_certs = "1"
    http_cert = "15"
    }




    Thanks in advance.

  • Hi,


    Originally I did use the default check_http within Icinga2 (received the same error) therefore I quickly slap that together to reduce the amount of information being passed and also to ensure I wasn't passing it to the wrong command module.


    The problem on persist while I'm trying to pass "-S" or "--ssl" argument through the host conf file. I would feed the variable with "1" as I would in the bash command line however the system does not seem to recognize the -S parameter.


    That aside the original check_http command and service has not been altered I still have it running as it's currently performing basic http ping for me.


    Cheers,

  • Hm, I'd try it like this according to the docs: https://docs.icinga.com/icinga…plugin-check-command-http



    Keep it short and simple. You can still rework it into an apply for with host dictionaries.

  • Tested the code and it didn't work.


    I've done some more isolation and it turns out it's not the icinga conf coding that is failing. I was able to test another site with the same setup and the return is good. The original site of interest is not allowing an SSL connection.


    The interesting parting is if I ran the command line ,check_http.pl, directly on the failing site I'm able to get a positive response.


    I'm passing check_http -S 1 on the command line which should be the same as passing http_certificate = true in the conf file???


    Cheers,