Hello all!
I have an Icinga2 server (icinga2-2.11.3 running on 11.3-RELEASE-p10 amd64 installed from pkg) which is doing quite well. Recently I had a problem on a web server not reloading the ssl certificates and icinga2 properly issued the warning. The problem is that when the problem is fixed icinga2 continues warning ad
if nothing was changed. If I try by hand using the http check I get an OK status.
I’m pretty sure I messed up the configuration… 
here is the check done by hand:
Before the fix:
/usr/local/libexec/nagios/check_http -H www.vespaperitivo.it -I 212.45.144.19 -u / -p 443 -w 10 -c 2 --ssl -C 10,3
WARNING - Certificate ‘www.vespaperitivo.it’ expires in 10 day(s) (Tue Jun 30 03:57:33 2020 +0000).
After the fix:
/usr/local/libexec/nagios/check_http -H www.vespaperitivo.it -I 212.45.144.19 -u / -p 443 -w 10 -c 2 --ssl -C 10,3
OK - Certificate ‘www.vespaperitivo.it’ will expire on Sat Sep 12 03:57:33 2020 +0000.
The configuration:
in service.conf:
apply Service “https_Cert” {
import “generic-service”
check_interval = 8h
check_command = “http”
vars.http_uri = “/”
vars.http_ssl = true
vars.http_certificate = 10
assign where host.vars.ssl_certificate == “LetsEncrypt”
}
The hosts.conf:
object Host “www.vespaperitivo.it” {
/* Import the default host template defined in templates.conf. */
import “generic-host”
/* Specify the address attributes for checks e.g. ssh or http. */
address = “212.45.144.19”
address6 = null
/* Set custom attribute os for hostgroup assignment in groups.conf. */
vars.os = “Linux-outside”
vars.FTP_Server = “online”
/* Define http vhost attributes for service apply rules in services.conf. */
vars.http_vhost = “www.vespaperitivo.it”
vars.http_vhosts[“http”] = {
http_uri = “/nah.php”
}
vars.ssl_certificate = “LetsEncrypt”
/* Define notification mail attributes for notification apply rules in notifications.conf. /
vars.notification[“mail”] = {
/ The UserGroup icingaadmins is defined in users.conf. */
groups = [ “icingaadmins”, “icingabrewers” ]
}
}
If I restart the service nothing changes. If I change the value of something in the service (if I set vars.http_certificate = 9), the warnings stop.
What have I messed up?
Thanks in advance,
Luciano.