[Xymon] xymon checking wrong SSL cert on CNAME

betsys at well.com betsys at well.com
Thu Jun 13 18:17:32 CEST 2024


>From: Roland Rosenfeld <roland at spinnaker.de> 
>I cannot believe this.  We also have CNAMEs pointing to hosts and the cert
check works as expected.  Did you check the "sslcert" column?

"There are more things on heaven and earth, Horatio, Than are dreamt of in
your philosophy"
Yes, I checked the sslcert column, as that is what I expected to alert. It
reports on the cert for 'hosting.org"

> foobar.example.com and foobar.example.net are both CNAMES to the same
double-A-Record pointing to 1.2.3.4 and 1.2.3.10.

Does one of those two A records point to something.example.com?

As others pointed out, the SNI tag did the trick. 
I gather that this means that the hosting service is putting multiple hosts
on the same IP.
 The PTR record goes to a hosting.org error page on  Google Cloud.  

I haven't spent a great deal of time working with this third-party site as
I'm primarily involved with our own (cloud) servers, but I do the monitoring
(nice to be back with xymon!) and get looped in for SSL cert and other tech
issues



More information about the Xymon mailing list