[Xymon] xymon checking wrong SSL cert on CNAME

RON JOHNSON ron.johnson1731 at comcast.net
Sat Jun 15 07:39:17 CEST 2024


I had always wondered why my virtual hosts showed the A record of the hosts IP address when viewing the xymon data under the sslcert column. Only today by following and reading this thread and all the replies to the thread have I fixed the output of what's reported in the sslcert column by adding the 'sni' qualifier(?) to the end of all my virtual hosts in hosts.cfg. Now the sslcert data is correct for all the virtual hosts connected to one of my domains.
 
Forgive the top posting but this reply only comes after reading through the full thread. I didn't want to have the full thread in this reply so only included the original post. I gathered the 'sni' data from another reply in the post and realized this was the magic I was looking for to fix that one issue I had been ignoring for the past year.
 
Thanks,
Ron
 

> On 06/12/2024 9:40 PM PDT betsys at well.com wrote:
>  
>  
> 
> Hi,
> 
> We have a website at a third-party  hosting company, where our site https://http://www.example.com  is a cname for something.hosting.com  (not the real name)
> 
> We have a LetsEncrypt cert issued forhttp://www.example.com .
> 
>  
> 
> The cert wasn’t updating, but xymon did not alert , because xymon is apparently evaluating the CNAME and then checking the cert for hosting.com (which has a wildcard cert *.hosting.com)
> 
>  
> 
> How do we make xymon check the cert forhttp://www.example.com , other than writing our own script? I think this is a fairly common setup for hosted websites
> 
> (for a minute I thought about adding an A record but that would be wrong on multiple levels)
> 
>  
> 
> /home/xymon/server/etc/hosts.cfg has
> 
> x.x.x.x  www.example.com # noconn httpstatus;http://www.example.com/;301; https://www.example.com
> 
>  
> 
> (where x.x.x.x is the actual IP)
> 
>  
> 
> Running xymon 4.3.30 on Alma 8
> 
>  
> 
> Thanks very much!
> 
>  
> 
>  
> 
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20240614/c0a75bb8/attachment.htm>


More information about the Xymon mailing list