Using check_http for https

Thomas Guyot-Sionnest dermoth at
Mon Jan 4 19:52:22 CET 2016

Hash: SHA1

On 04/01/16 09:03 AM, Gereon Kremer wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > > Hello, > > I'm using nagios for website monitoring
and recently one of the sites > was migrated to https. > I'll abstract
from the nagios config now and directly show the problem > on the
plugin. > > I now want to migrate the following command to https: >
check_http -H <url> > > What works: > wget https://<url> > > What does
not work (with result): > check_http -S -H <url>   (timeout) >
check_http --ssl -H <url>   (timeout) > check_http --ssl=1 -H <url>  
(timeout) > check_http --ssl=2 -H <url>   (SSL protocol version 2 is not
supported > by your SSL library.) > check_http --ssl=3 -H <url>   (sslv3
alert handshake > failure:s3_pkt.c:1294:SSL alert number 40) >
check_http -p 443 -H <url>   (timeout) > > I also tried to enable sni or
additionally provide the IP via -I, but > this did not change anything.
> I discovered the third-party check_https plugin which actually wraps >
wget. However, I'd like to use the -s option from check_http which is >
not provided by check_https.

Hi Gereon,

Have you tried:

check_https -H <url>
check_http -S -p 443 -H <url>

If I'm not mistaken, calling check_http as check_https does two things:
1. enable ssl (-S/--ssl), and 2. change the default port to 443
(check_https should be a symlink to check_http). When you set the port
to 443, it's like doing "http://host:443/" : that will use normal http
on an ssl connection which won't work. Similarly, I don't think
check_http is smart enough to decide when it should change the default
port to 443 unless when called as "check_https", so when you use
-S/--ssl without explicitly setting port 443, it's like doing
"https://host:80/" - going ssl on a non-ssl connection won't work neither.


P.s.: Sorry for repost, so long I haven't posted in here my gpg rules
had to be updated - also corrected some typos.

- -- 
Version: GnuPG v2


More information about the Devel mailing list