Is there any chance you could share the actual URL you are using? If, as you mentioned, the server has public DNS and is in the cloud on a public machine, there's really no additional risk to sharing it here - within minutes of it being on the public internet, it will be probed relentlessly by bots and malefactors - the handful of readers of this list will pose no additional threat.

Working blind on the issue makes it much harder for others to assist. We can only guess at the failure modes for the most part.

On 5/1/19 09:06, Mr Subs wrote:
Thanks for the advice. I have made some progress, but am now getting another 
error.

I changed server.xml, so the Host address="172.31.24.86" (which is the private 
IP address, even though I am connecting to it via its public IP address). The 
domain name is correct, and is public DNS.

Now, when connecting, mmonit -id reports:
2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140A1175:SSL routines:ssl_bytes_to_cipher_list:inappropriate fallback

Any other ideas?

Thanks

On 1 May 2019, at 00:14, Jan-Henrik Haukeland<[email protected]>  wrote:

What is strange is that 172.31.24.86 is neither the address of my server OR my 
client - it is completely unknown to me (and a reverse lookup just tells me it 
is a private address).

172.31.24.86 is part of a private IP-range, like 192.168.0.0 and 10.0.0.0 and 
probably set up by the system you use or your network admin.

I have tried with both the supplied mmonit.pem and a self-generated 
certificate, but I get the same error.

The bits of server.xml that I changed are:

<Connector scheme="https" address="*" port="8443" processors="10" secure="true" />
..
<Engine name="mmonit" defaultHost="my-hostname.com" fileCache="10MB">
..
<Host address="xx.xx.xx.xx" name="my-hostname.com" appBase="." 
certificate="conf/mmonit.pem" >

Any ideas on what I have misconfigured?

When configuring SSL it is important that your hostname is in DNS; you can unfortunately not just 
invent a hostname here. The name attribute in <Host> (and defaultHost in <Engine>) 
must point to a real hostname in DNS. If "my-hostname.com" is not in DNS, try using your IP 
address instead. You must then access mmonit using https://<your-ip-address>/. The manual 
and the chapter about setting up M/Monit with SSL have more 
information: https://mmonit.com/documentation/mmonit_manual.pdf

Best regards
--
To unsubscribe:
https://lists.nongnu.org/mailman/listinfo/monit-general


--
Paul Theodoropoulos
www.anastrophe.com
