What is the cause of "wrong version number"?

I’m struggling with getting the API to work - I get the following error:

root@enlil:~/icinga/tools# curl -vv -X PUT -H 'Accept:application/json' -u root:5adf85042d7d937f --cacert /var/lib/icinga2/certs/ca.crt https://vogon.comind.io:80/v1/objects/hosts/enlil
*   Trying
* Connected to vogon.comind.io ( port 80 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /var/lib/icinga2/certs/ca.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* (5454) (IN), , Unknown (72):
* error:0A00010B:SSL routines::wrong version number
* Closing connection 0
curl: (35) error:0A00010B:SSL routines::wrong version number

I have googled for it, but nothing seems to match my case - and I’m not sure I actually understand what this is all about. I had it working - at least better than this - but a colleague had ‘helpfully’ installed Director, which seemed to mess up what I am trying to do, which is to be able to use the API without Director, basically. Thus, I wiped out the installation on the server (apt purge ...), deleted anything that looked like icinga2, and reinstalled from scratch; and now I have this problem.

Packet tracing with tcpdump reveals little beside the fact that a PUT request is sent to the server; nothing is recorded in the logs, it seems, including icinga2.log, icingaweb2.log and apache2/access.log.

So, any recommendations about how I can troubleshoot this?

This is my installation:

root@vogon:/etc/apache2/sites-available# icinga2 -V
icinga2 - The Icinga 2 network monitoring daemon (version: r2.13.7-1)

Copyright (c) 2012-2023 Icinga GmbH (https://icinga.com/)
License GPLv2+: GNU GPL version 2 or later <https://gnu.org/licenses/gpl2.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

System information:
  Platform: Debian GNU/Linux
  Platform version: 11 (bullseye)
  Kernel: Linux
  Kernel version: 5.10.0-13-amd64
  Architecture: x86_64

Build information:
  Compiler: GNU 10.2.1
  Build host: runner-hh8q3bz2-project-575-concurrent-0
  OpenSSL version: OpenSSL 1.1.1n  15 Mar 2022

Application information:

General paths:
  Config directory: /etc/icinga2
  Data directory: /var/lib/icinga2
  Log directory: /var/log/icinga2
  Cache directory: /var/cache/icinga2
  Spool directory: /var/spool/icinga2
  Run directory: /run/icinga2

Old paths (deprecated):
  Installation root: /usr
  Sysconf directory: /etc
  Run directory (base): /run
  Local state directory: /var

Internal paths:
  Package data directory: /usr/share/icinga2
  State path: /var/lib/icinga2/icinga2.state
  Modified attributes path: /var/lib/icinga2/modified-attributes.conf
  Objects path: /var/cache/icinga2/icinga2.debug
  Vars path: /var/cache/icinga2/icinga2.vars
  PID path: /run/icinga2/icinga2.pid

root@vogon:/etc/apache2/sites-available# icinga2 feature list
Disabled features: command compatlog debuglog elasticsearch gelf graphite influxdb influxdb2 livestatus opentsdb perfdata statusdata syslog
Enabled features: api checker icingadb mainlog notification

Icinga api is on port 5665

I know - when I tried that before, I got a REALLY odd message; and in the past (some 3+ years ago) I had set it up, successfully, to use port 80. However, it seems you are right, because when I tried port 5665 just now, I got a more likely error:

* Mark bundle as not supporting multiuse
< HTTP/1.1 500 Internal Server Error
< Server: Icinga/r2.13.7-1
< Content-Type: application/json
< Content-Length: 315
* Connection #0 to host vogon.comind.io left intact
{"results":[{"code":500,"errors":["Error: Validation failed for object 'enlil' of type 'Host'; Attribute 'check_command': Attribute must not be empty.\nLocation: in /var/lib/icinga2/api/packages/_api/c7cb4fc3-57b3-44a3-aea4-ffac2f643d3e/conf.d/hosts/enlil.conf: 1:0-1:18"],"status":"Object could not be created."}]}
  • which I still think is surprising, because check_command should be set in the template, I think. But it’s something to go and check. Thanks for pointing me this way!