Among monitoring systems, Nagios is known for being strong and flexible. But when setting up or maintaining Nagios, especially with remote server monitoring using the Nagios Remote Plugin Executor (NRPE), you might see the annoying error: “CHECK_NRPE: Error – Could not complete SSL handshake.” This error can stop your monitoring, but you can fix it with the right steps.
Understanding the Error
The “CHECK_NRPE: Error – Could not complete SSL handshake” message usually appears when the Nagios server tries to make a secure connection to a remote host using NRPE. The handshake failure is often caused by configuration mismatches or restrictions that prevent successful communication.
Step-by-Step Solution
The solution involves making sure the NRPE configuration on the remote server allows connections from the Nagios monitoring server. Here’s how to solve the issue step-by-step:
Step 1: Verify NRPE Configuration on the Remote Server
First, check the NRPE configuration file on the remote server. This file is usually found at /etc/nagios/nrpe.cfg. It has the settings that control how NRPE works, including which hosts are allowed to connect.
- Open the NRPE configuration file with your favorite text editor.
- Look for the allowed_hosts directive. This line shows which IP addresses are allowed to communicate with the NRPE service.
Step 2: Update Allowed Hosts
If the Nagios server’s IP address is not listed under allowed_hosts, NRPE will reject the connection, causing the SSL handshake error. To fix this:
- Add the IP address of your Nagios server to the allowed_hosts line. If more than one Nagios server monitors this host, separate each IP address with commas. You can also allow a range of addresses by using CIDR notation, like 192.168.10.0/24.
- The updated line might look like this:
allowed_hosts=127.0.0.1,192.168.10.3,192.168.10.4
Step 3: Restart the NRPE Service
After updating the NRPE configuration, restart the NRPE service to apply the changes. This can usually be done with a command like:
sudo service nrpe restart
or for systems using systemd:
sudo systemctl restart nrpe.service
Step 4: Confirm the Configuration
Finally, test the connection again from your Nagios server using the check_nrpe command:
/usr/lib64/nagios/plugins/check_nrpe -H remote_host_ip
If the configuration is correct, the SSL handshake error should go away, and you’ll get a proper response from the NRPE plugin on the remote server.
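To verify Steps 1 and 2 without reading the file by eye, the following added example (not part of the original article or of NRPE itself) parses the allowed_hosts directive and reports whether a given Nagios server IP is covered by a listed address or CIDR range. The sample configuration, the hostname monitor.example.internal and the function names are constructed for illustration; entries from every uncommented allowed_hosts line are combined, and hostname entries are listed as not evaluated rather than resolved.

```python
import ipaddress

# Constructed sample nrpe.cfg content (not taken from a real host).
SAMPLE_NRPE_CFG = """\
# NRPE sample configuration
server_port=5666
#allowed_hosts=10.0.0.1
allowed_hosts=127.0.0.1, 192.168.10.3,192.168.10.4, 192.168.20.0/24, monitor.example.internal
"""


def parse_allowed_hosts(cfg_text):
    """Return the entries of every uncommented allowed_hosts line."""
    entries = []
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        key, sep, value = line.partition("=")
        if sep and key.strip() == "allowed_hosts":
            entries += [e.strip() for e in value.split(",") if e.strip()]
    return entries


def check_server(cfg_text, server_ip):
    """Return (matching_entry_or_None, entries_not_evaluated)."""
    ip = ipaddress.ip_address(server_ip)
    match, skipped = None, []
    for entry in parse_allowed_hosts(cfg_text):
        try:
            # A bare address parses as a /32 (or /128) network.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            skipped.append(entry)  # hostname or typo: needs a manual look
            continue
        if match is None and ip.version == net.version and ip in net:
            match = entry
    return match, skipped


if __name__ == "__main__":
    for server in ("192.168.10.3", "192.168.20.77", "192.168.30.5"):
        match, skipped = check_server(SAMPLE_NRPE_CFG, server)
        status = f"allowed by {match}" if match else "NOT in allowed_hosts"
        print(f"{server}: {status}")
    print("entries not evaluated:", skipped)
```

On a real host, pass the contents of /etc/nagios/nrpe.cfg instead of the sample string; the matching entry also shows whether access comes from a single address or from a wider range than intended.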
Conclusion
Seeing a “CHECK_NRPE: Error – Could not complete SSL handshake” error can be a problem in monitoring setups, but with careful configuration and permissions, it can be fixed quickly. The key is making sure the NRPE service on remote servers is set to allow connections from your Nagios server, allowing smooth and secure communication. By following these steps, system administrators can easily solve this issue and keep strong monitoring across their networks.