Service - check_ssl_cert - librenms different results vs CLI, same parameters & binary on-disk used,

  • Description:

I’m trying to get LibreNMS to monitor the cert expiry against an nginx-backed reverse-proxy server, which serves multiple domains. When I issue the same commands at the CLI, as are passed via the Services python script, I get different certs passed back to me, so the results are different for what seems to be an identical command. At this point, I am out of ideas as to where the fault could be, so I really need help here.

  • Validate:
Component Version
LibreNMS 1.48.1-78-g5d3a28683
DB Schema 2019_02_10_220000_add_dates_to_fdb (132)
PHP 7.2.10-0ubuntu0.18.04.1
MySQL 5.7.25-0ubuntu0.18.04.2
RRDTool 1.7.0


[OK] Composer Version: 1.8.4
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct

  • check_ssl_cert version info:

:/usr/lib/nagios/plugins# ./check_ssl_cert -V
check_ssl_cert version 1.81.0

  • CLI Command “/usr/lib/nagios/plugins/check_ssl_cert -H targetserver -A --sni” results:

SSL_CERT OK - x509 certificate ‘*’ from ‘COMODO RSA Domain Validation Secure Server CA’ valid until Jun 14 23:59:59 2019 GMT (expires in 110 days)|days=110;;;;

  • LibreNMS “./check-services.php -d” (ran as librenms user) results:

Nagios Service - 9
Request: ‘/usr/lib/nagios/plugins/check_ssl_cert’ ‘-H’ ‘targetserver’ ‘-A’ ‘–sni’ ‘
Perf Data - DS: days, Value: 89, UOM:
Response: SSL_CERT OK - x509 certificate ‘’ from ‘Let’s Encrypt Authority X3’ valid until May 25 17:44:44 2019 GMT (expires in 89 days)
Service DS: {
“days”: “”

  • Help!

So yeah, at this point, I don’t understand why I’m getting different behaviour here. It looks literally identical to me. Halp! D:

Anyone? I really need to get this sorted D:

bump 10char bump

It probably has to do with the escaping the script does. (notice the quotes) Try to remove those to pinpoint the issue.

How do you propose I achieve removing the quotes? I’m not using quotes in the Service configuration via the webGUI. So, not 100% sure what you’re proposing here. Can you clarify? :slight_smile:

Run this command by hand:

'/usr/lib/nagios/plugins/check_ssl_cert' '-H' 'targetserver' '-A' '–sni' ''

When you first run it you should get the same output the poller gets.

By the way, I’d like to clarify the service script actually uses “–sni” (as in two dashes) but I think the forum may have combined it into one when I posted.

When I run the above command at the CLI, as librenms user, it returns the correct cert. I copied your text and replaced with the appropriate variables.

I then re-ran the services python script in debug again, and then it returned the wrong cert.

So now I’m even more confused! @_@

Don’t run the command I posted. Copy and paste the command from the script debug. You or I are probably unknowingly correcting the error.


TYPO. equivalent. GO ME

Thanks for your patience! :smiley: lolool sorry D: