We need more information to help. Can you check the same thing using curl or an NRPE plugin like check_http? There could be many things going on there like SNI, TLS verification, no CA file, Apache virtual hosts, IP bindings, etc. If you have a browser on that server, try hitting the same URL. If you don't then try elinks or a text-based browser and see what it says when hitting that URL. Certs aren't going to match https://localhost so VERIFY DISABLE must be set.
https://mmonit.com/monit/documentation/monit.html#SSL-OPTIONS ________________________________ From: monit-general <[email protected]> on behalf of Guillaume François <[email protected]> Sent: Wednesday, July 3, 2019 8:16 AM To: This is the general mailing list for monit Subject: Issue with TCP test for HTTPS Hello, I'm using the last version of Monit 5.25.3 on a CentOS fully upgraded but since some updates I'm having an issue with this test on Apache HTTPD if failed port 443 protocol https with timeout 15 seconds for 3 times within 5 cycles then alert raising error: [CEST Jul 3 15:05:00] warning : 'apache-ns353666-prod' failed protocol test [HTTP] at [localhost]:443 [TCP/IP TLS] -- SSL server certificate verification error: unable to get local issuer certificate I use Monit binaries from the website and not the distribution packages (https://mmonit.com/monit/dist/binary/5.25.3/monit-5.25.3-linux-x64.tar.gz) Also openssl version from OS is "OpenSSL 1.0.2k-fips 26 Jan 2017" but it should be an issue as openssl from with the binaries if I'm not wrong. Do anyone have some clue how to make it work again ? Regards.
-- To unsubscribe: https://lists.nongnu.org/mailman/listinfo/monit-general
