[Xymon] HTTPS monitoring, with different IP

Mark O. Stitson mark at stitson.com
Sun Jun 21 16:50:39 CEST 2020

Have you tried the sni parameter, eg.        www.mysite.com.au            # noconn httpstatus;https://mysite.com.au=;2.. sni

This is supported since 4.3.13.


-----Original Message-----
From: Xymon <xymon-bounces at xymon.com> On Behalf Of Adam Goryachev
Sent: 21 June 2020 09:33
To: Xymon MailingList <xymon at xymon.com>
Subject: [Xymon] HTTPS monitoring, with different IP

I have a strange setup, my web server is behind a 1:1 NAT, and xymon is also behind the same router. The router doesn't support network pinning (ie, go out, and then translate on the way back in again), so the network test simply timeout.

I've found a "solution" which is to configure xymon to talk to the internal IP address instead of the external one, but instead of changing the DNS or using /etc/hosts file, I want to keep this change to the xymon config.

So currently I have this:        www.mysite.com.au            # noconn httpstatus;https://mysite.com.au=;2..

This solves the problem for the http column (I get a green dot, and everything is OK), but I get a red dot for sslcert because xymon is looking at the wrong SSL certificate (not using SNI correctly).

I'm using the xymon package from debian version 4.3.28-5+deb10u1 in case that is relevant.

Is there a solution to have xymon correctly monitor the SSL certificate when using a different IP address?


Xymon mailing list
Xymon at xymon.com

More information about the Xymon mailing list