Thanks for the advice. I have made some progress, but am now getting another error.
I changed server.xml, so the Host address=“172.31.24.86” (which is the private IP address, even though I am connecting to it via it’s public IP address. The domain name is correct, and is public DNS. Now, when connecting, mmonit -id reports: 2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure 2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure 2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140A1175:SSL routines:ssl_bytes_to_cipher_list:inappropriate fallback Any other ideas? Thanks > On 1 May 2019, at 00:14, Jan-Henrik Haukeland <[email protected]> wrote: > >> What is strange is that 172.31.24.86 is neither the address of my server OR >> my client - it is completely unknown to me (and a reverse lookup just tells >> me it is a private address). > > 172.31.24.86 is part of a private IP-range, like 192.168.0.0 and 10.0.0.0 and > probably setup by the system you use or your network admin. > >> I have tried with both the supplied mmonit.pem and a self-generated >> certificate, but I get the same error. >> >> The bits of server.xml that I changed are: >> >> <Connector scheme="https" address="*" port="8443" processors="10" >> secure="true" /> >> .. >> <Engine name="mmonit" defaultHost=“my-hostname.com" fileCache="10MB"> >> .. >> <Host address=“xx.xx.xx.xx" name="my-hostname.com" appBase="." >> certificate="conf/mmonit.pem” > >> >> Any ideas on what I have misconfigured? > > When configuring SSL it is important that your hostname is in DNS, you can > unfortunately not just invent a hostname here. The name attribute in <Host> > (and defaultHost in <Engine>) must point to a real hostname in DNS. If > “my-hostname.com” is not in DNS try using your IP address instead. You must > then access mmonit using https://<your-ip-address>/ The manual and the > chapter about setting up M/Monit with SSL has more information, > https://mmonit.com/documentation/mmonit_manual.pdf > > Best regards > -- > To unsubscribe: > https://lists.nongnu.org/mailman/listinfo/monit-general -- To unsubscribe: https://lists.nongnu.org/mailman/listinfo/monit-general
