Discussion:
SSL Error | Handshake Failure
Charles Charleston
2016-02-07 21:24:51 UTC
Permalink
Hello,

Had a SSL issue popup today on a server that has been running Monit for 4-5
months with issue. There were no updates or changes to that server or Monit
so odd that this happened. Monit communicates with my M/Monit server via
SSL and always has. I have checked the configs for both M/Monit and Monit
and everything is as it was. The .pem file is still in place.

Monit runs but can't comminicate with M/Monit and monit status shows:

***@ns1 [~]# monit status
SSL: write I/O error -- Connection reset by peer
SSL: write error -- error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure

There actually was 1 change today but that was just M/Monit trial license
expiring, I bought the license and it started working again and weirdly
enough at the same time this SSL issue shows up. Has me a bit stumped at
the moment so any help would be much appreciated.

Regards,
Chuck Charleston
Tino Hendricks
2016-02-07 21:29:24 UTC
Permalink
Chuck,

I reckon you just restarted monit after a long time with an ssl library updated months before. Which just came into effect now.
There were many updates to the ssl library recently (e.g. which protocols and key lengths are supposed to be valid etc.)

Same happened to me… :-/

Tino
Post by Charles Charleston
Hello,
Had a SSL issue popup today on a server that has been running Monit for 4-5 months with issue. There were no updates or changes to that server or Monit so odd that this happened. Monit communicates with my M/Monit server via SSL and always has. I have checked the configs for both M/Monit and Monit and everything is as it was. The .pem file is still in place.
SSL: write I/O error -- Connection reset by peer
SSL: write error -- error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure
There actually was 1 change today but that was just M/Monit trial license expiring, I bought the license and it started working again and weirdly enough at the same time this SSL issue shows up. Has me a bit stumped at the moment so any help would be much appreciated.
Regards,
Chuck Charleston
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
To unsubscribe:
https://lists.nongnu.org
Chuck Charleston
2016-02-07 21:59:52 UTC
Permalink
Hi Tino,

Thanks for that! I have fixed it now and it is communicating with M/Monit
fine. I now however have another error when running monit status:

Cannot create socket to [127.0.0.1]:2812 -- Connection refused

Same thing if I use the actual external IP or hostname. Never had this
issue before so a bit strange though Monit seems to be working fine and I
do not use the actual web interface for Monit since I have M/Monit.

I'll keep digging into it but weird that it comes up.
Post by Tino Hendricks
Chuck,
I reckon you just restarted monit after a long time with an ssl library
updated months before. Which just came into effect now.
There were many updates to the ssl library recently (e.g. which protocols
and key lengths are supposed to be valid etc.)
Same happened to me
 :-/
Tino
Am 07.02.2016 um 22:24 schrieb Charles Charleston <
Hello,
Had a SSL issue popup today on a server that has been running Monit for
4-5 months with issue. There were no updates or changes to that server or
Monit so odd that this happened. Monit communicates with my M/Monit server
via SSL and always has. I have checked the configs for both M/Monit and
Monit and everything is as it was. The .pem file is still in place.
SSL: write I/O error -- Connection reset by peer
SSL: write error -- error:140790E5:SSL routines:SSL23_WRITE:ssl
handshake failure
There actually was 1 change today but that was just M/Monit trial
license expiring, I bought the license and it started working again and
weirdly enough at the same time this SSL issue shows up. Has me a bit
stumped at the moment so any help would be much appreciated.
Regards,
Chuck Charleston
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
Martin Pala
2016-02-08 09:56:21 UTC
Permalink
Hi,

please send the "set httpd" statement from your monit configuration file include "allow" options (obfuscate credentials if any).

Regards,
Martin
Post by Chuck Charleston
Hi Tino,
Cannot create socket to [127.0.0.1]:2812 -- Connection refused
Same thing if I use the actual external IP or hostname. Never had this issue before so a bit strange though Monit seems to be working fine and I do not use the actual web interface for Monit since I have M/Monit.
I'll keep digging into it but weird that it comes up.
--
To unsubscribe:
https://lists.nongnu.org/mailman/listinfo/monit-general
Chuck Charleston
2016-02-08 14:11:29 UTC
Permalink
Hi Martin,

Here it is.

set mmonit https://user:***@mmonit.ip:8443/collector
set httpd port 2812 and use address 127.0.0.1
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip
allow user:pass

This is on a Centos 7 cPanel DNSonly server.

Regards,
Chuck
Post by Martin Pala
Hi,
please send the "set httpd" statement from your monit configuration file
include "allow" options (obfuscate credentials if any).
Regards,
Martin
Post by Chuck Charleston
Hi Tino,
Thanks for that! I have fixed it now and it is communicating with
Cannot create socket to [127.0.0.1]:2812 -- Connection refused
Same thing if I use the actual external IP or hostname. Never had this
issue before so a bit strange though Monit seems to be working fine and I
do not use the actual web interface for Monit since I have M/Monit.
Post by Chuck Charleston
I'll keep digging into it but weird that it comes up.
--
https://lists.nongnu.org/mailman/listinfo/monit-general
Martin Pala
2016-02-08 14:16:04 UTC
Permalink
just add "allow 127.0.0.1" to the list of allow options

Regards,
Martin
Post by Chuck Charleston
Hi Martin,
Here it is.
set httpd port 2812 and use address 127.0.0.1
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip
allow user:pass
This is on a Centos 7 cPanel DNSonly server.
Regards,
Chuck
Post by Martin Pala
Hi,
please send the "set httpd" statement from your monit configuration file include "allow" options (obfuscate credentials if any).
Regards,
Martin
Post by Chuck Charleston
Hi Tino,
Cannot create socket to [127.0.0.1]:2812 -- Connection refused
Same thing if I use the actual external IP or hostname. Never had this issue before so a bit strange though Monit seems to be working fine and I do not use the actual web interface for Monit since I have M/Monit.
I'll keep digging into it but weird that it comes up.
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
Chuck Charleston
2016-02-08 14:29:31 UTC
Permalink
Hi Martin,

I have done that now and reloaded monit, but the issue persists.

Regards,
Chuck
Post by Martin Pala
just add "allow 127.0.0.1" to the list of allow options
Regards,
Martin
Hi Martin,
Here it is.
set httpd port 2812 and use address 127.0.0.1
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip
allow user:pass
This is on a Centos 7 cPanel DNSonly server.
Regards,
Chuck
Post by Martin Pala
Hi,
please send the "set httpd" statement from your monit configuration file
include "allow" options (obfuscate credentials if any).
Regards,
Martin
Post by Chuck Charleston
Hi Tino,
Thanks for that! I have fixed it now and it is communicating with
Cannot create socket to [127.0.0.1]:2812 -- Connection refused
Same thing if I use the actual external IP or hostname. Never had this
issue before so a bit strange though Monit seems to be working fine and I
do not use the actual web interface for Monit since I have M/Monit.
Post by Chuck Charleston
I'll keep digging into it but weird that it comes up.
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
Russell Simpkins
2016-02-08 14:51:17 UTC
Permalink
Have you disabled selinux? selinux can cause issues if enabled and unaware.
Post by Chuck Charleston
Hi Martin,
I have done that now and reloaded monit, but the issue persists.
Regards,
Chuck
Post by Martin Pala
just add "allow 127.0.0.1" to the list of allow options
Regards,
Martin
Hi Martin,
Here it is.
set httpd port 2812 and use address 127.0.0.1
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip
allow user:pass
This is on a Centos 7 cPanel DNSonly server.
Regards,
Chuck
Post by Martin Pala
Hi,
please send the "set httpd" statement from your monit configuration file
include "allow" options (obfuscate credentials if any).
Regards,
Martin
Post by Chuck Charleston
Hi Tino,
Thanks for that! I have fixed it now and it is communicating with
Cannot create socket to [127.0.0.1]:2812 -- Connection refused
Same thing if I use the actual external IP or hostname. Never had this
issue before so a bit strange though Monit seems to be working fine and I
do not use the actual web interface for Monit since I have M/Monit.
Post by Chuck Charleston
I'll keep digging into it but weird that it comes up.
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
Chuck Charleston
2016-02-08 15:04:22 UTC
Permalink
Hi Russell,

Yep selinux is disabled, really odd. I just checked on a few of my other
servers and notice now that they all give similar errors. Some say
connection refused and some say connection timed out when running monit
status. It does not though seem to effect how they run, at least as far as
I can tell. Still would love to figure out why I am getting this error.

Regards,
Chuck
Post by Russell Simpkins
Have you disabled selinux? selinux can cause issues if enabled and unaware.
On Mon, Feb 8, 2016 at 9:29 AM, Chuck Charleston <
Post by Chuck Charleston
Hi Martin,
I have done that now and reloaded monit, but the issue persists.
Regards,
Chuck
Post by Martin Pala
just add "allow 127.0.0.1" to the list of allow options
Regards,
Martin
Hi Martin,
Here it is.
set httpd port 2812 and use address 127.0.0.1
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip
allow user:pass
This is on a Centos 7 cPanel DNSonly server.
Regards,
Chuck
Post by Martin Pala
Hi,
please send the "set httpd" statement from your monit configuration
file include "allow" options (obfuscate credentials if any).
Regards,
Martin
Post by Chuck Charleston
Hi Tino,
Thanks for that! I have fixed it now and it is communicating with
Cannot create socket to [127.0.0.1]:2812 -- Connection refused
Same thing if I use the actual external IP or hostname. Never had
this issue before so a bit strange though Monit seems to be working fine
and I do not use the actual web interface for Monit since I have M/Monit.
Post by Chuck Charleston
I'll keep digging into it but weird that it comes up.
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
Martin Pala
2016-02-08 16:56:15 UTC
Permalink
The "use addres 127.0.0.1" makes monit listen only on the loopback interface ... the "allow mmonit.server.ip" has no effect, as M/Monit won't be able to reach Monit's httpd.

I suggest to change the configuration like this (remove "use address 127.0.0.1"):

--8<--
set httpd port 2812
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip #note: allow access from M/Monit
allow 127.0.0.1 #note: allow access for monit CLI
allow user:pass
--8<--

Monit will then listen on all interfaces, so it can be reached both from the M/Monit host and localhost.

Please make sure to do "monit reload" after the configuration change.

Regards,
Martin
Post by Chuck Charleston
Hi Martin,
I have done that now and reloaded monit, but the issue persists.
Regards,
Chuck
just add "allow 127.0.0.1" to the list of allow options
Regards,
Martin
Post by Chuck Charleston
Hi Martin,
Here it is.
set httpd port 2812 and use address 127.0.0.1
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip
allow user:pass
This is on a Centos 7 cPanel DNSonly server.
Regards,
Chuck
Hi,
please send the "set httpd" statement from your monit configuration file include "allow" options (obfuscate credentials if any).
Regards,
Martin
Post by Chuck Charleston
Hi Tino,
Cannot create socket to [127.0.0.1]:2812 -- Connection refused
Same thing if I use the actual external IP or hostname. Never had this issue before so a bit strange though Monit seems to be working fine and I do not use the actual web interface for Monit since I have M/Monit.
I'll keep digging into it but weird that it comes up.
--
https://lists.nongnu.org/mailman/listinfo/monit-general <https://lists.nongnu.org/mailman/listinfo/monit-general>
--
https://lists.nongnu.org/mailman/listinfo/monit-general <https://lists.nongnu.org/mailman/listinfo/monit-general>
--
https://lists.nongnu.org/mailman/listinfo/monit-general <https://lists.nongnu.org/mailman/listinfo/monit-general>
--
https://lists.nongnu.org/mailman/listinfo/monit-general
Chuck Charleston
2016-02-08 17:15:19 UTC
Permalink
Hi Martin,

I have tried as you suggested and reloaded monit but unfortunately, still
receive the error: Cannot create socket to [localhost]:2812 -- Connection
refused


Regards,
Chuck
Post by Martin Pala
The "use addres 127.0.0.1" makes monit listen only on the loopback
interface ... the "allow mmonit.server.ip" has no effect, as M/Monit won't
be able to reach Monit's httpd.
--8<--
set httpd port 2812
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip #note: allow access from M/Monit
allow 127.0.0.1 #note: allow access for monit CLI
allow user:pass
--8<--
Monit will then listen on all interfaces, so it can be reached both from
the M/Monit host and localhost.
Please make sure to do "monit reload" after the configuration change.
Regards,
Martin
Hi Martin,
I have done that now and reloaded monit, but the issue persists.
Regards,
Chuck
Post by Martin Pala
just add "allow 127.0.0.1" to the list of allow options
Regards,
Martin
Hi Martin,
Here it is.
set httpd port 2812 and use address 127.0.0.1
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip
allow user:pass
This is on a Centos 7 cPanel DNSonly server.
Regards,
Chuck
Post by Martin Pala
Hi,
please send the "set httpd" statement from your monit configuration file
include "allow" options (obfuscate credentials if any).
Regards,
Martin
Post by Chuck Charleston
Hi Tino,
Thanks for that! I have fixed it now and it is communicating with
Cannot create socket to [127.0.0.1]:2812 -- Connection refused
Same thing if I use the actual external IP or hostname. Never had this
issue before so a bit strange though Monit seems to be working fine and I
do not use the actual web interface for Monit since I have M/Monit.
Post by Chuck Charleston
I'll keep digging into it but weird that it comes up.
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
Russell Simpkins
2016-02-08 17:35:02 UTC
Permalink
did you confirm you can connect using telnet and that the something is
listening on 2812 e.g. lsof -i:2812
Post by Chuck Charleston
Hi Martin,
I have tried as you suggested and reloaded monit but unfortunately, still
receive the error: Cannot create socket to [localhost]:2812 -- Connection
refused
Regards,
Chuck
Post by Martin Pala
The "use addres 127.0.0.1" makes monit listen only on the loopback
interface ... the "allow mmonit.server.ip" has no effect, as M/Monit won't
be able to reach Monit's httpd.
--8<--
set httpd port 2812
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip #note: allow access from M/Monit
allow 127.0.0.1 #note: allow access for monit CLI
allow user:pass
--8<--
Monit will then listen on all interfaces, so it can be reached both from
the M/Monit host and localhost.
Please make sure to do "monit reload" after the configuration change.
Regards,
Martin
Hi Martin,
I have done that now and reloaded monit, but the issue persists.
Regards,
Chuck
Post by Martin Pala
just add "allow 127.0.0.1" to the list of allow options
Regards,
Martin
Hi Martin,
Here it is.
set httpd port 2812 and use address 127.0.0.1
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip
allow user:pass
This is on a Centos 7 cPanel DNSonly server.
Regards,
Chuck
Post by Martin Pala
Hi,
please send the "set httpd" statement from your monit configuration
file include "allow" options (obfuscate credentials if any).
Regards,
Martin
Post by Chuck Charleston
Hi Tino,
Thanks for that! I have fixed it now and it is communicating with
Cannot create socket to [127.0.0.1]:2812 -- Connection refused
Same thing if I use the actual external IP or hostname. Never had
this issue before so a bit strange though Monit seems to be working fine
and I do not use the actual web interface for Monit since I have M/Monit.
Post by Chuck Charleston
I'll keep digging into it but weird that it comes up.
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
Chuck Charleston
2016-02-08 18:16:47 UTC
Permalink
Well monit is running but nothing is listening on port 2812

netstat -plnt | grep 2812

Returns nothing.

Port 2812 is open in the firewall (CSF). I also tried disabling csf
completely and it made no difference.

Regards,
Chuck
Post by Russell Simpkins
did you confirm you can connect using telnet and that the something is
listening on 2812 e.g. lsof -i:2812
On Mon, Feb 8, 2016 at 12:15 PM, Chuck Charleston <
Post by Chuck Charleston
Hi Martin,
I have tried as you suggested and reloaded monit but unfortunately, still
receive the error: Cannot create socket to [localhost]:2812 -- Connection
refused
Regards,
Chuck
Post by Martin Pala
The "use addres 127.0.0.1" makes monit listen only on the loopback
interface ... the "allow mmonit.server.ip" has no effect, as M/Monit won't
be able to reach Monit's httpd.
--8<--
set httpd port 2812
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip #note: allow access from M/Monit
allow 127.0.0.1 #note: allow access for monit CLI
allow user:pass
--8<--
Monit will then listen on all interfaces, so it can be reached both from
the M/Monit host and localhost.
Please make sure to do "monit reload" after the configuration change.
Regards,
Martin
Hi Martin,
I have done that now and reloaded monit, but the issue persists.
Regards,
Chuck
Post by Martin Pala
just add "allow 127.0.0.1" to the list of allow options
Regards,
Martin
Hi Martin,
Here it is.
set httpd port 2812 and use address 127.0.0.1
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip
allow user:pass
This is on a Centos 7 cPanel DNSonly server.
Regards,
Chuck
Post by Martin Pala
Hi,
please send the "set httpd" statement from your monit configuration
file include "allow" options (obfuscate credentials if any).
Regards,
Martin
On 07 Feb 2016, at 22:59, Chuck Charleston <
Hi Tino,
Thanks for that! I have fixed it now and it is communicating with
Cannot create socket to [127.0.0.1]:2812 -- Connection refused
Same thing if I use the actual external IP or hostname. Never had
this issue before so a bit strange though Monit seems to be working fine
and I do not use the actual web interface for Monit since I have M/Monit.
I'll keep digging into it but weird that it comes up.
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
Martin Pala
2016-02-08 18:19:01 UTC
Permalink
Please check monit log and try to run monit in debug mode:

monit -vI

send the whole output, there was probably some problem with starting the httpd thread (you can send it to ***@mmonit.com if you don't want to uncover the configuration.

Regards,
Martin
Post by Chuck Charleston
Well monit is running but nothing is listening on port 2812
netstat -plnt | grep 2812
Returns nothing.
Port 2812 is open in the firewall (CSF). I also tried disabling csf completely and it made no difference.
Regards,
Chuck
did you confirm you can connect using telnet and that the something is listening on 2812 e.g. lsof -i:2812
Hi Martin,
I have tried as you suggested and reloaded monit but unfortunately, still receive the error: Cannot create socket to [localhost]:2812 -- Connection refused
Regards,
Chuck
The "use addres 127.0.0.1" makes monit listen only on the loopback interface ... the "allow mmonit.server.ip" has no effect, as M/Monit won't be able to reach Monit's httpd.
--8<--
set httpd port 2812
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip #note: allow access from M/Monit
allow 127.0.0.1 #note: allow access for monit CLI
allow user:pass
--8<--
Monit will then listen on all interfaces, so it can be reached both from the M/Monit host and localhost.
Please make sure to do "monit reload" after the configuration change.
Regards,
Martin
Post by Chuck Charleston
Hi Martin,
I have done that now and reloaded monit, but the issue persists.
Regards,
Chuck
just add "allow 127.0.0.1" to the list of allow options
Regards,
Martin
Post by Chuck Charleston
Hi Martin,
Here it is.
set httpd port 2812 and use address 127.0.0.1
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip
allow user:pass
This is on a Centos 7 cPanel DNSonly server.
Regards,
Chuck
Hi,
please send the "set httpd" statement from your monit configuration file include "allow" options (obfuscate credentials if any).
Regards,
Martin
Post by Chuck Charleston
Hi Tino,
Cannot create socket to [127.0.0.1]:2812 -- Connection refused
Same thing if I use the actual external IP or hostname. Never had this issue before so a bit strange though Monit seems to be working fine and I do not use the actual web interface for Monit since I have M/Monit.
I'll keep digging into it but weird that it comes up.
--
https://lists.nongnu.org/mailman/listinfo/monit-general <https://lists.nongnu.org/mailman/listinfo/monit-general>
--
https://lists.nongnu.org/mailman/listinfo/monit-general <https://lists.nongnu.org/mailman/listinfo/monit-general>
--
https://lists.nongnu.org/mailman/listinfo/monit-general <https://lists.nongnu.org/mailman/listinfo/monit-general>
--
https://lists.nongnu.org/mailman/listinfo/monit-general <https://lists.nongnu.org/mailman/listinfo/monit-general>
--
https://lists.nongnu.org/mailman/listinfo/monit-general <https://lists.nongnu.org/mailman/listinfo/monit-general>
--
https://lists.nongnu.org/mailman/listinfo/monit-general <https://lists.nongnu.org/mailman/listinfo/monit-general>
--
https://lists.nongnu.org/mailman/listinfo/monit-general <https://lists.nongnu.org/mailman/listinfo/monit-general>
--
https://lists.nongnu.org/mailman/listinfo/monit-general
Chuck Charleston
2016-02-08 18:36:48 UTC
Permalink
Thanks everybody for the help!

Once checking the logs again and running verbose i was able to see it was
still an issue with SSL and starting httpd. I ran again a yum update which
updated a bunch of stuff including openssl. Than remade the cert which i
also found had a incorrect hostname listed in it.

All good now.

Regards,
Chuck
Post by Martin Pala
monit -vI
send the whole output, there was probably some problem with starting the
uncover the configuration.
Regards,
Martin
Well monit is running but nothing is listening on port 2812
netstat -plnt | grep 2812
Returns nothing.
Port 2812 is open in the firewall (CSF). I also tried disabling csf
completely and it made no difference.
Regards,
Chuck
Post by Russell Simpkins
did you confirm you can connect using telnet and that the something is
listening on 2812 e.g. lsof -i:2812
On Mon, Feb 8, 2016 at 12:15 PM, Chuck Charleston <
Post by Chuck Charleston
Hi Martin,
I have tried as you suggested and reloaded monit but unfortunately,
still receive the error: Cannot create socket to [localhost]:2812 --
Connection refused
Regards,
Chuck
Post by Martin Pala
The "use addres 127.0.0.1" makes monit listen only on the loopback
interface ... the "allow mmonit.server.ip" has no effect, as M/Monit won't
be able to reach Monit's httpd.
--8<--
set httpd port 2812
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip #note: allow access from M/Monit
allow 127.0.0.1 #note: allow access for monit CLI
allow user:pass
--8<--
Monit will then listen on all interfaces, so it can be reached both
from the M/Monit host and localhost.
Please make sure to do "monit reload" after the configuration change.
Regards,
Martin
Hi Martin,
I have done that now and reloaded monit, but the issue persists.
Regards,
Chuck
Post by Martin Pala
just add "allow 127.0.0.1" to the list of allow options
Regards,
Martin
Hi Martin,
Here it is.
set httpd port 2812 and use address 127.0.0.1
SSL enable
pemfile /var/certs/monit.pem
allowselfcertification
allow mmonit.server.ip
allow user:pass
This is on a Centos 7 cPanel DNSonly server.
Regards,
Chuck
Post by Martin Pala
Hi,
please send the "set httpd" statement from your monit configuration
file include "allow" options (obfuscate credentials if any).
Regards,
Martin
On 07 Feb 2016, at 22:59, Chuck Charleston <
Hi Tino,
Thanks for that! I have fixed it now and it is communicating with
Cannot create socket to [127.0.0.1]:2812 -- Connection refused
Same thing if I use the actual external IP or hostname. Never had
this issue before so a bit strange though Monit seems to be working fine
and I do not use the actual web interface for Monit since I have M/Monit.
I'll keep digging into it but weird that it comes up.
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
--
https://lists.nongnu.org/mailman/listinfo/monit-general
Loading...