1. Tildeslash Avatar Tildeslash
  2. Untitled project
  3. Monit
  4. Issues

SSL: read error -- EOF without redirection

Issue #619 resolved
SzV created an issue

Hello!

 check host "egeszseges-ivoviz.hu" with address "www.egeszseges-ivoviz.hu"
   group "website"
   if failed host "www.egeszseges-ivoviz.hu" port 443 with protocol https and request "/" status = 200
     content = "<div class=.widget-title.>Kérdése van?"
     with timeout 2 seconds then alert
   if failed ping4 then alert

Apache log

/var/log/apache2/egivoviz-ssl-access.log:81.2.236.171 - - [05/Jun/2017:14:14:59 +0000] "GET / HTTP/1.1" 200 34595 "-" "Monit/5.20.0"

A+ SSL test: https://www.ssllabs.com/ssltest/analyze.html?d=www.egeszseges-ivoviz.hu

[UTC Jun  5 14:14:59] debug    : Ping response for www.egeszseges-ivoviz.hu 1/3 succeeded -- received id=30229 sequence=1 response_time=10.435 ms
[UTC Jun  5 14:14:59] debug    : 'egeszseges-ivoviz.hu' ping test succeeded [response time 10.435 ms]
[UTC Jun  5 14:14:59] error    : SSL: read error -- EOF
[UTC Jun  5 14:14:59] error    : SSL: read error -- EOF
[UTC Jun  5 14:14:59] debug    : HTTP: Regular expression matches
[UTC Jun  5 14:14:59] debug    : 'egeszseges-ivoviz.hu' succeeded testing protocol [HTTP] at [www.egeszseges-ivoviz.hu]:443/ [TCP/IP SSL] [response time 218.893 ms]
[UTC Jun  5 14:14:59] debug    : 'egeszseges-ivoviz.hu' connection succeeded to [www.egeszseges-ivoviz.hu]:443/ [TCP/IP SSL]

Please advise.

Comments (7)

  3. bablex

    Same issue with 5.25.1 & .2

    This bug means basic HTTPS healthchecks are NOT working - as a paying customer of MMonit this is major issue - all our websites cannot be healthchecked & this issue has been open since 1 year.

  4. Tildeslash repo owner

    Cannot reproduce the issue (testing with monit 5.25.2 and "egeszseges-ivoviz.hu" configuration, monit linked with OpenSSL 1.0.2o).

    Please can you add network trace of the communication between monit and the https server?

    The read error with EOF seems to be server-side connection termination.

    Regarding @jo-ho (Jonas) report ... the difference between "with content" and "with status" configuration is, that when the content is checked, monit uses a GET method (need page body). If only status is required, then monit uses the HEAD method to save the bandwidth.

    If the problem occurs again, please can you retry the http protocol check with the following options and report the result (along with the network trace):

    1. "method head"
    2. "method get"
  6. Tildeslash repo owner

    Fixed: Issue #619: The HTTP protocol test may log SSL read errors and the content/checksum test may fail when the server sends chunked encoded response.

    → <<cset dcd23a1649b0>>

  8. Log in to comment
Assignee
Type
bug
Priority
minor
Status
resolved
Component
Version
Votes
3
Watchers
5