jan/check_xmppng
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

fails to check #3

New issue
Closed
opened 2022-03-10 20:58:18 +01:00 by Ghost · 3 comments
Ghost commented 2022-03-10 20:58:18 +01:00
Copy link

root@icinga:~# /usr/lib/nagios/plugins/check_xmppng -H mauer --c2s -4 --starttls -v
XMPP CRITICAL - request took unknownNone (XMPP stream error: <main.XmppStreamError object at 0x7f6564a6e6a0>)
critical: request took unknownNone (XMPP stream error: <main.XmppStreamError object at 0x7f6564a6e6a0>)
| time=unknown

The certificate of 'mauer' is still valid, it is from let'sencrypt

root@icinga:~# /usr/lib/nagios/plugins/check_xmppng -H mauer --c2s -4 --starttls -v XMPP CRITICAL - request took unknownNone (XMPP stream error: <__main__.XmppStreamError object at 0x7f6564a6e6a0>) critical: request took unknownNone (XMPP stream error: <__main__.XmppStreamError object at 0x7f6564a6e6a0>) | time=unknown The certificate of 'mauer' is still valid, it is from let'sencrypt
jan commented 2022-03-10 23:45:01 +01:00
Owner
Copy link

Hello @folkertvanheusden, thanks for reporting.

I have servers with letsencrypt certificates that work just fine:

$ /usr/lib/nagios/plugins/check_xmppng -H jabber.gnuviech-server.de --c2s -4 --starttls -v
XMPP OK - request took 0.401917s, certificate valid for 38 days
| daysvalid=38 time=0.401917s;;;0
$ /usr/lib/nagios/plugins/check_xmppng -H jabber.gnuviech-server.de --c2s -6 --starttls -v
XMPP OK - request took 0.40541s, certificate valid for 38 days
| daysvalid=38 time=0.40541s;;;0

Which version of check_xmppng did you use?

Could you please check whether

openssl s_client -connect mauer:5222 -starttls xmpp

works on the same system where you run check_xmppng?

Hello @folkertvanheusden, thanks for reporting. I have servers with letsencrypt certificates that work just fine: ``` $ /usr/lib/nagios/plugins/check_xmppng -H jabber.gnuviech-server.de --c2s -4 --starttls -v XMPP OK - request took 0.401917s, certificate valid for 38 days | daysvalid=38 time=0.401917s;;;0 $ /usr/lib/nagios/plugins/check_xmppng -H jabber.gnuviech-server.de --c2s -6 --starttls -v XMPP OK - request took 0.40541s, certificate valid for 38 days | daysvalid=38 time=0.40541s;;;0 ``` Which version of check_xmppng did you use? Could you please check whether `openssl s_client -connect mauer:5222 -starttls xmpp` works on the same system where you run check_xmppng?
Ghost commented 2022-03-11 09:05:47 +01:00
Author
Copy link

Hi,

I'm using version 0.3.2-3 which is in Debian.

Testing it against your server indeed works fine:

root@icinga:~# /usr/lib/nagios/plugins/check_xmppng -H jabber.gnuviech-server.de --c2s -4 --starttls -v
XMPP OK - request took 0.517951s, certificate valid for 38 days
| daysvalid=38 time=0.517951s;;;0

openssl says:

root@icinga:~# openssl s_client -connect mauer:5222 -starttls xmpp
CONNECTED(00000003)

no peer certificate available

No client certificate CA names sent

SSL handshake has read 382 bytes and written 110 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

'mauer' is running prosody 0.11.13-1

Hi, I'm using version 0.3.2-3 which is in Debian. Testing it against your server indeed works fine: root@icinga:~# /usr/lib/nagios/plugins/check_xmppng -H jabber.gnuviech-server.de --c2s -4 --starttls -v XMPP OK - request took 0.517951s, certificate valid for 38 days | daysvalid=38 time=0.517951s;;;0 openssl says: root@icinga:~# openssl s_client -connect mauer:5222 -starttls xmpp CONNECTED(00000003) - no peer certificate available - No client certificate CA names sent - SSL handshake has read 382 bytes and written 110 bytes Verification: OK - New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) - 'mauer' is running prosody 0.11.13-1
Ghost commented 2022-03-11 09:12:35 +01:00
Author
Copy link

Hi,

Found it. I did something really stupid: "mauer" is an internal name, "keetweej.vanheusden.com" is the real hostname that prosody listens on.

So:

root@icinga:~# /usr/lib/nagios/plugins/check_xmppng -H keetweej.vanheusden.com --c2s -4 --starttls -v
XMPP OK - request took 0.348167s, certificate valid for 2 days
| daysvalid=2 time=0.348167s;;;0

Now it works.

Sorry for the inconvenience!

Hi, Found it. I did something really stupid: "mauer" is an internal name, "keetweej.vanheusden.com" is the real hostname that prosody listens on. So: root@icinga:~# /usr/lib/nagios/plugins/check_xmppng -H keetweej.vanheusden.com --c2s -4 --starttls -v XMPP OK - request took 0.348167s, certificate valid for 2 days | daysvalid=2 time=0.348167s;;;0 Now it works. Sorry for the inconvenience!
Ghost closed this issue 2022-03-11 09:12:35 +01:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
debian
jessie-backports
debian/0.3.3-1
0.3.3
debian/0.3.2-3
debian/0.3.2-2
debian/0.3.2-1
0.3.2
0.3.1
debian/0.3.0-1
0.3.0
debian/0.2.1-1
0.2.1
debian/0.2-1
0.2
debian/0.1.2-1.bpo8+1
debian/0.1.2-1
0.1.2
0.1.1
0.1
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: jan/check_xmppng#3
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?