I’m using a nagios plugin (http://exchange.nagios.org/directory/Plugins/Network-Protocols/HTTP/check_ssl_cert/details) to do SSL cert checks
When I run it interactively from command line, it runs fine.
# /etc/sensu/plugins/check-ssl-cert.sh -H mydomain.com -w 90 -c 14 -S 3
SSL_CERT OK - X.509 certificate for ‘mydomain.com’ from ‘Go Daddy Secure Certificate Authority - G2’ valid until Jun 23 17:48:28 2015 GMT
When it gets called from within Sensu, it gives the following
SSL_CERT CRITICAL mydomain.com: Cannot verify certificate\nverification error: unable to get local issuer certificate verification error: certificate not trusted\n
Any ideas on what could be causing this difference in behaviours?
Is it possible that a SSL cert required to verify is not accessible to
the Sensu user?
Can you run the check from the cli *as* sensu to reproduce?
···
On Fri, Sep 19, 2014 at 2:08 PM, Matt Cave <m@ttcave.ca> wrote:
I'm using a nagios plugin
(Directory - Nagios Exchange)
to do SSL cert checks
When I run it interactively from command line, it runs fine.
# /etc/sensu/plugins/check-ssl-cert.sh -H mydomain.com -w 90 -c 14 -S 3
SSL_CERT OK - X.509 certificate for 'mydomain.com' from 'Go Daddy Secure
Certificate Authority - G2' valid until Jun 23 17:48:28 2015 GMT
When it gets called from within Sensu, it gives the following
SSL_CERT CRITICAL mydomain.com: Cannot verify certificate\nverification
error: unable to get local issuer certificate verification error:
certificate not trusted\n
Any ideas on what could be causing this difference in behaviours?
That was actually my first guess… Still seeing the same error.
-bash-4.1$ whoami
sensu
-bash-4.1$ /etc/sensu/plugins/check-ssl-cert.sh -H accu-chekto.com -w 90 -c 14 -S 3
SSL_CERT OK - X.509 certificate for ‘accu-chekto.com’ from ‘Go Daddy Secure Certificate Authority - G2’ valid until Jun 23 17:48:28 2015 GMT
···
On Friday, September 19, 2014 9:39:02 PM UTC-4, Kyle Anderson wrote:
Is it possible that a SSL cert required to verify is not accessible to
the Sensu user?
Can you run the check from the cli as sensu to reproduce?
On Fri, Sep 19, 2014 at 2:08 PM, Matt Cave m...@ttcave.ca wrote:
I’m using a nagios plugin
(http://exchange.nagios.org/directory/Plugins/Network-Protocols/HTTP/check_ssl_cert/details)
to do SSL cert checks
When I run it interactively from command line, it runs fine.
/etc/sensu/plugins/check-ssl-cert.sh -H mydomain.com -w 90 -c 14 -S 3
SSL_CERT OK - X.509 certificate for ‘mydomain.com’ from 'Go Daddy Secure
Certificate Authority - G2’ valid until Jun 23 17:48:28 2015 GMT
When it gets called from within Sensu, it gives the following
SSL_CERT CRITICAL mydomain.com: Cannot verify certificate\nverification
error: unable to get local issuer certificate verification error:
certificate not trusted\n
Any ideas on what could be causing this difference in behaviours?
I would run the script with set -vx to and diff the outputs. (feel
free to pastebin)
I would also throw in a "set" at the top of the script to dump the
environment and compare that too.
···
On Mon, Sep 22, 2014 at 11:52 AM, Matt Cave <m@ttcave.ca> wrote:
That was actually my first guess.... Still seeing the same error.
-bash-4.1$ whoami
sensu
-bash-4.1$ /etc/sensu/plugins/check-ssl-cert.sh -H accu-chekto.com -w 90 -c
14 -S 3
SSL_CERT OK - X.509 certificate for 'accu-chekto.com' from 'Go Daddy Secure
Certificate Authority - G2' valid until Jun 23 17:48:28 2015 GMT
On Friday, September 19, 2014 9:39:02 PM UTC-4, Kyle Anderson wrote:
Is it possible that a SSL cert required to verify is not accessible to
the Sensu user?
Can you run the check from the cli *as* sensu to reproduce?
On Fri, Sep 19, 2014 at 2:08 PM, Matt Cave <m...@ttcave.ca> wrote:
> I'm using a nagios plugin
>
> (Directory - Nagios Exchange)
> to do SSL cert checks
>
> When I run it interactively from command line, it runs fine.
>
> # /etc/sensu/plugins/check-ssl-cert.sh -H mydomain.com -w 90 -c 14 -S 3
> SSL_CERT OK - X.509 certificate for 'mydomain.com' from 'Go Daddy Secure
> Certificate Authority - G2' valid until Jun 23 17:48:28 2015 GMT
>
> When it gets called from within Sensu, it gives the following
>
> SSL_CERT CRITICAL mydomain.com: Cannot verify certificate\nverification
> error: unable to get local issuer certificate verification error:
> certificate not trusted\n
>
> Any ideas on what could be causing this difference in behaviours?