Monitoring SSL certificate on NGINX

Hi there,

I want to set up an SSL age check. I have this problem:

The website has no ssl problems.

RAW 2.2.0
Ubuntu2204
Error-Message:

connect to address foo.baar.de and port 443: Connection refused

My opinion: CheckMK sends an HTTP request to 443 and the server can’t understand it. How can I change it to an HTTPS request?

This is my configuration:

Can someone help?

Greetings,
Steven

Hi there,

The rule seems to be in order; however, a firewall or other process is actively denying CMK the connection on port 443.

So please check why your CMK server is not allowed to access the port (or maybe even the machine in general).

… in my certificate check rule I do not even specify the port (as 443 is the default port), so this should only be used when you are running a service which is not on the default port 443 (like 8443).

Just for insight, my rule:

  • Glowsome

Thank you for your help.

The firewall or the server does not block 443 requests and also not the CheckMK server. The certificate is also returned/displayed correctly on Internet pages. The web server error log also has no messages.

When I simulate this request via browser I get the following message (http://foo.bar:443)
The plain HTTP request was sent to HTTPS port. (I think this is right)

Does CheckMK really send the request as HTTP? The service is called HTTP.

Greetings
Steven

Hi,

Could you check from the command line on the CMK server whether you can retrieve (certificate) information from the webserver with:

openssl s_client -servername <YourServername_here> -connect <YourServername.domain>:443 2>/dev/null | openssl x509 -text
  • Glowsome

Hi,
Thank you. I have found the error. The request worked from an external IP but not on the LAN. This was caused by NAT reflection.

I have added an entry in the local DNS with the domain to the local IP. The Checkmk then had access to the page.

Greetings
Steven
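
To tell the failure modes discussed in this thread apart when run from the monitoring server itself, here is a small Python probe (an added example, not part of the original posts and not Checkmk's own check; the names `probe` and `days_left` are made up here). It reports the address the name resolves to locally, which step failed (DNS, TCP connect, or TLS handshake), and on success the days until the certificate expires:

```python
import socket
import ssl
import time


def days_left(not_after, now=None):
    """Whole days until notAfter (string format as returned by getpeercert())."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def probe(host, port=443, timeout=5.0):
    """Return (stage, detail) where stage is dns, tcp-refused, tcp-error, tls or ok."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)
    # The address as seen from THIS machine. Behind NAT, a LAN client may get
    # the public IP here and be refused, while external clients work fine.
    addr = infos[0][4][0]
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
    except ConnectionRefusedError:
        return "tcp-refused", addr  # nothing TLS-related has happened yet
    except OSError as exc:
        return "tcp-error", f"{addr}: {exc}"
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        # server_hostname sends SNI, like `openssl s_client -servername`
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    except (ssl.SSLError, OSError) as exc:
        return "tls", f"{addr}: {exc}"
    return "ok", f"{addr}: {days_left(cert['notAfter'])} days left"


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "localhost"))
```

A `tcp-refused` result with an unexpected address points at name resolution or routing on the monitoring host rather than at the web server's TLS setup.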
