Replies: 3 comments 1 reply
-
|
Very difficult to say without any debugging output or the possibility to test |
Beta Was this translation helpful? Give feedback.
-
|
It would be easy enough to replicate. |
Beta Was this translation helpful? Give feedback.
-
|
Maybe. But it would be nice to help. If I find the time to set it up, I'll take a look. |
Beta Was this translation helpful? Give feedback.
-
|
Have you tried using --sni? This is my typical command line ./check_ssl_cert -w 45 -c 30 -A -H SYSTEM_HOSTNAME --sni CERT_DOMAIN --ignore-host-cn --ignore-ocsp-errors |
Beta Was this translation helpful? Give feedback.
-
I have a redirect host with multiple domains some using one certificate and other domains using yet another certificate.
While the check for the SSL returns OK for all the domains (%CN%) the %DAYS_VALID% and %CA_ISSUER_MATCHED% are only for the same certificate for all the domains apparently not checking the correct certificate with the check on host.
The command check I use:
check_ssl_cert -H $HOSTADDRESS$ -u $ARG1$ --format '%SHORTNAME% %STATUS%:%DAYS_VALID% %CN% - %CA_ISSUER_MATCHED%'While "$ARG1$ " is the domain name.
Am I missing something or is it a bug/limitation?
If I run:
check_ssl_cert -H $ARG1$Then it returns the correct certificate. However I am looking to specifically check against a host IP address with a domain name maybe even before a DNS record has yet been created/modified.
Beta Was this translation helpful? Give feedback.
All reactions