curl -I -v https://172.16.13.170:1492/serverstatus/login.py
* Trying 172.16.13.170...
* TCP_NODELAY set
* Connected to 172.16.13.170 (172.16.13.170) port 1492 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
I’m trying to set up https on my checkmk dashboard. I’m pretty new to the whole https/ssl thing, so I’m not sure if my setup is correct. I created a self-signed certificate for this. Then I followed the info in the documentation: https://docs.checkmk.com/latest/en/omd_https.html. When I cURL on the Checkmk login page, I get an error about ssl3 wrong version number. However, when I run the same cURL command on the IP address alone, I think I get a good output:
curl -I -v https://172.16.13.170
* Rebuilt URL to: https://172.16.13.170/
* Trying 172.16.13.170...
* TCP_NODELAY set
* Connected to 172.16.13.170 (172.16.13.170) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate
* stopped the pause stream!
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Anyone know what might be wrong? Since I had to set my site up on a non-default port, I realized I was missing a config for that port with the redirect commands from the documentation. However, I’m still running into this version wrong error, and I haven’t been able to find the solution.
If i see your output, i would first ask why is there the port → 1492 inside the first curl command?
The second question is what do you expect behind the URI /serverstatus/login.py ?
Is there a correct answer if you try this without HTTPS?
I do think there is an issue with the configuration or my server setup. My server is also running some proprietary software that makes a lot of network configuration changes that I was concerned was interfering with getting https set up (and also the reason I needed to run my dashboard on a separate port).
To test this out, I setup Checkmk on a raspberrypi, created a self-signed ssl certificate, and followed the checkmk documentation for https configuration. It worked with no issues.
Bad Request
Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please
More progress/changes. It seems like creating a custom config file for my site is helping instead of using the default listed in the checkmk documentation.
I unbound my port from https, and setup https redirection in my custom config file instead. The redirect works, but too well. In the browser I’m getting an error about too many redirects, but the cURL output looks fine to me:
TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
TLSv1.3 (IN), TLS handshake, Unknown (8):
TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
TLSv1.3 (IN), TLS handshake, Certificate (11):
TLSv1.3 (OUT), TLS alert, Server hello (2):
SSL certificate problem: self signed certificate
stopped the pause stream!
Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: curl - SSL CA Certificates
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Here’s my config file for reference:
<VirtualHost :1492>
ServerName 172.16.13.170
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.) https://%{HTTP_HOST}/$1 [L]
RequestHeader set X-Forwarded-Proto “https”
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.