CHECK_NRPE: Error - Could not complete SSL handshake

Question

I have NRPE daemon process running under xinetd on amazon ec2 instance and nagios server on my local machine.

The check_nrpe -H [amazon public IP] gives this error:

CHECK_NRPE: Error - Could not complete SSL handshake.

Both Nrpe are same versions. Both are compiled with this option:

./configure  --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/i386-linux-gnu/

"allowed host" entry contains my local IP address.

What could be the possible reason of this error now??

Answer 1

check your /var/sys/system.log . In my case, it turned out my monitored IP was set to something else than the one I set in nrpe.cfg file. I don't know the cause of this change, though.

Answer 2

So many answers, none of them hit the reason why I ran into this issue.

It turns out that nagios has terrible cross-version support and this was caused by me having a version 2 "client" (machine being monitored) and a version 3 "server" (monitoring machine).

Once I upgraded the client to version 3, the problem went away and I could do a check_nrpe -H [client IP] without issues.

Note that I am not sure if client/server are the right terms with nagios, as in the case of an NRPE call, the server is really the machine being called, but I digress.