If you know about the “CHECK_NRPE: Error – Could not complete SSL handshake” error then you are probably running Nagios in your environment. Well, I am too … and after a successful Nagios configuration – adding a new client to configuration (read more about this in my Nagios configuration post) and setting up the configuration on the client side also, I also got “CHECK_NRPE: Error – Could not complete SSL handshake” in my Nagios.
In this post I will explain why Nagios is getting this error and what to do to fix it!
How To fix “CHECK_NRPE: Error – Could not complete SSL handshake” guide!
Step 1: “CHECK_NRPE: Error – Could not complete SSL handshake” is usually (always from what I’ve seen) a client side problem.
Step 2: The Nagios client keeps its configuration in the file nrpe.cfg (provided by the nagios-nrpe or nrpe package), usually at /etc/nagios/nrpe.cfg (if installed from RPM).
Step 3: To fix the “CHECK_NRPE: Error – Could not complete SSL handshake” problem you need to edit the allowed_hosts line in the nrpe.cfg file.
By default the allowed_hosts line in nrpe.cfg holds only the localhost address:
allowed_hosts=127.0.0.1
You need to add the address of one or more of your Nagios servers, separated by commas:
allowed_hosts=127.0.0.1,192.168.1.100
Step 4: Do not forget to restart the nrpe service!
[root@foo1 ~]# service nrpe restart
Shutting down Nagios NRPE daemon (nrpe): [ OK ]
Starting Nagios NRPE daemon (nrpe): [ OK ]
Now your Nagios shouldn’t show “CHECK_NRPE: Error – Could not complete SSL handshake” error for this client anymore!!
TEST: You can test this from your Nagios server by finding and running the check_nrpe script (syntax: check_nrpe -H CLIENTIPADDR):
[root@foo1 ~]# /usr/lib/nagios/plugins/check_nrpe -H 192.168.61.149
CHECK_NRPE: Error - Could not complete SSL handshake.
[root@foo1 ~]# vi /etc/nagios/nrpe.cfg
[root@foo1 ~]# service nrpe restart
Shutting down Nagios NRPE daemon (nrpe): [ OK ]
Starting Nagios NRPE daemon (nrpe): [ OK ]
[root@foo1 ~]# /usr/lib/nagios/plugins/check_nrpe -H 192.168.61.149
NRPE v2.14
If the response to this test is the NRPE version of the client, the connection is OK!
UPDATE (Thanks to Stefano Costa):
If you are running the NRPE daemon under either inetd or xinetd, the option allowed_hosts in the file nrpe.cfg is ignored. You should instead change the configuration of the service; for example, if you use xinetd, edit the only_from directive in the file /etc/xinetd.d/nrpe.
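
A quick way to confirm which access list actually contains your Nagios server address, covering both the allowed_hosts line from Step 3 and the only_from directive from the update. This is an added example, not part of the original post: the helper names (nrpe_allowed_hosts, xinetd_only_from, host_allowed) and the sample files are constructed for illustration, and matching is by exact address only.

```shell
# Added example: is a Nagios server address permitted by the NRPE client's
# access list? Exact string match only; CIDR and hostname entries are not
# resolved here.

# Entries of the uncommented allowed_hosts line(s) in nrpe.cfg, one per line.
nrpe_allowed_hosts() {
    sed -n 's/^[[:space:]]*allowed_hosts[[:space:]]*=//p' "$1" |
        tr ',' '\n' | tr -d ' \t\r' | sed '/^$/d'
}

# Entries of "only_from = ..." in an xinetd service file, one per line.
xinetd_only_from() {
    sed -n 's/^[[:space:]]*only_from[[:space:]]*=//p' "$1" |
        tr ' \t' '\n\n' | tr -d '\r' | sed '/^$/d'
}

# usage: host_allowed <nrpe|xinetd> <config file> <server ip>
# Returns 0 if the address is listed, 1 if not, 2 on a bad mode.
host_allowed() {
    case "$1" in
        nrpe)   _entries=$(nrpe_allowed_hosts "$2") ;;
        xinetd) _entries=$(xinetd_only_from "$2") ;;
        *)      echo "unknown mode: $1" >&2; return 2 ;;
    esac
    printf '%s\n' "$_entries" | grep -Fxq -- "$3"
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/nrpe.cfg" <<'EOF'
#allowed_hosts=10.0.0.5
allowed_hosts=127.0.0.1, 192.168.1.100
EOF
cat > "$demo_dir/nrpe.xinetd" <<'EOF'
service nrpe
{
    only_from = 127.0.0.1
}
EOF

for mode in nrpe xinetd; do
    file="$demo_dir/nrpe.cfg"; [ "$mode" = xinetd ] && file="$demo_dir/nrpe.xinetd"
    if host_allowed "$mode" "$file" 192.168.1.100; then
        echo "$mode: 192.168.1.100 allowed"
    else
        echo "$mode: 192.168.1.100 NOT allowed"
    fi
done
```

On a real client, point the function at /etc/nagios/nrpe.cfg or /etc/xinetd.d/nrpe, whichever applies to how the daemon is started.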