Plugin runs OK interactively, gives error running from Sensu


#1

I’m using a nagios plugin (http://exchange.nagios.org/directory/Plugins/Network-Protocols/HTTP/check_ssl_cert/details) to do SSL cert checks

When I run it interactively from command line, it runs fine.

# /etc/sensu/plugins/check-ssl-cert.sh -H mydomain.com -w 90 -c 14 -S 3

SSL_CERT OK - X.509 certificate for ‘mydomain.com’ from ‘Go Daddy Secure Certificate Authority - G2’ valid until Jun 23 17:48:28 2015 GMT

When it gets called from within Sensu, it gives the following

SSL_CERT CRITICAL mydomain.com: Cannot verify certificate\nverification error: unable to get local issuer certificate verification error: certificate not trusted\n

Any ideas on what could be causing this difference in behaviours?


#2

Is it possible that a SSL cert required to verify is not accessible to
the Sensu user?
Can you run the check from the cli *as* sensu to reproduce?

···

On Fri, Sep 19, 2014 at 2:08 PM, Matt Cave <m@ttcave.ca> wrote:

I'm using a nagios plugin
(http://exchange.nagios.org/directory/Plugins/Network-Protocols/HTTP/check_ssl_cert/details)
to do SSL cert checks

When I run it interactively from command line, it runs fine.

# /etc/sensu/plugins/check-ssl-cert.sh -H mydomain.com -w 90 -c 14 -S 3
SSL_CERT OK - X.509 certificate for 'mydomain.com' from 'Go Daddy Secure
Certificate Authority - G2' valid until Jun 23 17:48:28 2015 GMT

When it gets called from within Sensu, it gives the following

SSL_CERT CRITICAL mydomain.com: Cannot verify certificate\nverification
error: unable to get local issuer certificate verification error:
certificate not trusted\n

Any ideas on what could be causing this difference in behaviours?


#3

That was actually my first guess… Still seeing the same error.

-bash-4.1$ whoami

sensu

-bash-4.1$ /etc/sensu/plugins/check-ssl-cert.sh -H accu-chekto.com -w 90 -c 14 -S 3

SSL_CERT OK - X.509 certificate for ‘accu-chekto.com’ from ‘Go Daddy Secure Certificate Authority - G2’ valid until Jun 23 17:48:28 2015 GMT

···

On Friday, September 19, 2014 9:39:02 PM UTC-4, Kyle Anderson wrote:

Is it possible that a SSL cert required to verify is not accessible to

the Sensu user?

Can you run the check from the cli as sensu to reproduce?

On Fri, Sep 19, 2014 at 2:08 PM, Matt Cave m...@ttcave.ca wrote:

I’m using a nagios plugin

(http://exchange.nagios.org/directory/Plugins/Network-Protocols/HTTP/check_ssl_cert/details)

to do SSL cert checks

When I run it interactively from command line, it runs fine.

/etc/sensu/plugins/check-ssl-cert.sh -H mydomain.com -w 90 -c 14 -S 3

SSL_CERT OK - X.509 certificate for ‘mydomain.com’ from 'Go Daddy Secure

Certificate Authority - G2’ valid until Jun 23 17:48:28 2015 GMT

When it gets called from within Sensu, it gives the following

SSL_CERT CRITICAL mydomain.com: Cannot verify certificate\nverification

error: unable to get local issuer certificate verification error:

certificate not trusted\n

Any ideas on what could be causing this difference in behaviours?


#4

I would run the script with set -vx to and diff the outputs. (feel
free to pastebin)
I would also throw in a "set" at the top of the script to dump the
environment and compare that too.

···

On Mon, Sep 22, 2014 at 11:52 AM, Matt Cave <m@ttcave.ca> wrote:

That was actually my first guess.... Still seeing the same error.

-bash-4.1$ whoami
sensu
-bash-4.1$ /etc/sensu/plugins/check-ssl-cert.sh -H accu-chekto.com -w 90 -c
14 -S 3
SSL_CERT OK - X.509 certificate for 'accu-chekto.com' from 'Go Daddy Secure
Certificate Authority - G2' valid until Jun 23 17:48:28 2015 GMT

On Friday, September 19, 2014 9:39:02 PM UTC-4, Kyle Anderson wrote:

Is it possible that a SSL cert required to verify is not accessible to
the Sensu user?
Can you run the check from the cli *as* sensu to reproduce?

On Fri, Sep 19, 2014 at 2:08 PM, Matt Cave <m...@ttcave.ca> wrote:
> I'm using a nagios plugin
>
> (http://exchange.nagios.org/directory/Plugins/Network-Protocols/HTTP/check_ssl_cert/details)
> to do SSL cert checks
>
> When I run it interactively from command line, it runs fine.
>
> # /etc/sensu/plugins/check-ssl-cert.sh -H mydomain.com -w 90 -c 14 -S 3
> SSL_CERT OK - X.509 certificate for 'mydomain.com' from 'Go Daddy Secure
> Certificate Authority - G2' valid until Jun 23 17:48:28 2015 GMT
>
> When it gets called from within Sensu, it gives the following
>
> SSL_CERT CRITICAL mydomain.com: Cannot verify certificate\nverification
> error: unable to get local issuer certificate verification error:
> certificate not trusted\n
>
> Any ideas on what could be causing this difference in behaviours?