You may find you need to perform a check where the FQDN you are monitoring doesn’t correspond to the IP address and some form of virtual server (or host headers) are in use. Now normally using a command like:<\/p>\n\n\n\n
.\/check_http -H www.website.com -p 443 -C 30,15<\/code><\/pre>\n\n\n\nShould just work however in certain instances depending on the configuration of the web server you’ll get a different response to what you are expecting.<\/p>\n\n\n\n
The issue is also described in https:\/\/github.com\/nagios-plugins\/nagios-plugins\/issues\/563<\/a><\/p>\n\n\n\nExample<\/h2>\n\n\n\n
Let’s take a look at an example, now we know this service the certificate is due to expire in 2 days, so let’s perform a check to see (its the 19th October 2022 today):<\/p>\n\n\n\n
# .\/check_http -v -H www.website.com -S -C 30,15\nOK - Certificate '*.azurewebsites.net' will expire on Thu 09 Mar 2023 18:39:00 GMT.<\/code><\/pre>\n\n\n\nWait, what? Thats not about to expire so what is it doing. Clearly its just resolving the IP address from the hostname and then querying the catch all website. If I go to this site within a web browser, i’m seeing the site and certificate i’m expecting!<\/p>\n\n\n\n
What seems to be going on is the way the check_http request is being interpreted by the web server, meaning it does not seem to work with the host headers.<\/p>\n\n\n\n
To resolve this you need to use the SNI option on check_http as below, now when we use that we get the result we were expecting.<\/p>\n\n\n\n
# .\/check_http -I www.website.com --sni --hostname=www.website.com -S -C 30,15\nCRITICAL - Certificate 'www.website.com' expires in 2 day(s) (Sat 22 Oct 2022 00:59:00 BST).<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"You may find you need to perform a check where the FQDN you are monitoring doesn’t correspond to the IP address and some form of virtual server (or host headers) are in use. Now normally using a command like: Should just work however in certain instances depending on the configuration of the web server you’ll … Read more<\/a><\/p>\n","protected":false},"author":4,"featured_media":1614,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,16,22],"tags":[],"class_list":["post-1289","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","category-nagios-and-nagiosxi","category-security"],"_links":{"self":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/1289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1289"}],"version-history":[{"count":1,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/1289\/revisions"}],"predecessor-version":[{"id":1291,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/1289\/revisions\/1291"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/media\/1614"}],"wp:attachment":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}