On Wed, 8 Nov 2023 at 23:14, Ingeborg Hellemo via Xymon <xymon at xymon.com> wrote:

~/server/bin/xymonnet --debug --no-update <servername>

35422 2023-11-08 13:06:06.168385 1 status messages merged into 1 transmissions Address=[IP]:443, open=1, res=0, err=5, connecttime=0.000303, totaltime=0.002631, httpstatus = -5, open=1, errcode=5, parsestatus=0 Response: (no headers) URL : https://<servername>/ HTTP status : -5

I'm surprised there isn't some kind of error message being displayed. err=5 is "CONTEST_ESSL" meaning something went wrong in the SSL comms, or setup. In most cases where the error code is set to CONTEST_ESSL, there's an "errprintf()" that describes the error. I'd have thought "--debug" would show these on STDERR.

The missing error message is likely going to help narrow down the problem. These are all of the error messages in contest.c where err is set to CONTEST_ESSL:

errprintf("SSL test, but xymonnet was built without SSL support\n"); errprintf("Failed to find enough entropy on your system"); errprintf("Cannot create SSL context - IP %s, service %s: %s\n", inet_ntoa(item->addr.sin_addr), item->svcinfo->svcname, sslerrmsg); errprintf("Cannot load SSL client certificate/key %s: %s\n", item->ssloptions->clientcert, sslerrmsg); errprintf("SSL_new failed - IP %s, service %s: %s\n", inet_ntoa(item->addr.sin_addr), item->svcinfo->svcname, sslerrmsg); errprintf("Private/public key mismatch for certificate %s\n", item->ssloptions->clientcert); errprintf("Could not initiate SSL on connection - IP %s, service %s: %s\n", inet_ntoa(item->addr.sin_addr), item->svcinfo->svcname, sslerrmsg); errprintf("IO error in SSL_connect to %s on host %s: %s\n", portinfo, inet_ntoa(item->addr.sin_addr), sslerrmsg); errprintf("Unspecified SSL error in SSL_connect to %s on host %s: %s\n", portinfo, inet_ntoa(item->addr.sin_addr), sslerrmsg); errprintf("Unknown error %d in SSL_connect to %s on host %s: %s\n", err, portinfo, inet_ntoa(item->addr.sin_addr), sslerrmsg); errprintf("Cannot get peer certificate for %s on host %s\n", portinfo, inet_ntoa(item->addr.sin_addr));

Perhaps these can give you some clues about what might be going wrong.

I also suggest taking a look at the webserver logs for any errors, warnings or notice messages associated with the xymonnet connection.

J