CHECK_NRPE: Error – Could not complete SSL handshake

We have already discussed about Nagios installation on RHEL based systems, Nagios installation on Debian based systems, Add Remote Linux Host to Nagios Server & Add Remote Windows Host to Nagios Server. Alternatively you can install other network monitoring tools such as Zabbix, Monitorix, Cacti, Munin & Icinga2.

Many of us has been experiencing the “CHECK_NRPE: Error – Could not complete SSL handshake”. Why its happening ? It was happen when NRPE server is not allowing to access service from Nagios server. What we can do ? Don’t worry nothing is there to think much, You need to add nagios server ip into nrpe configuration file to solve the issue.

I’m trying to access remote host from my nagios server. I got below error message but i can able to get the output within host (locally).

# /usr/local/nagios/libexec/check_nrpe -H x.x.x.x (Remote server IP)
CHECK_NRPE: Error - Could not complete SSL handshake.

See the below screen shot. Our remote client not talking with Nagios server.

It was working fine with localhost.

# /usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.13

Add the Nagios server IP into nrpe.cfg file, if you installed nrpe alone.

# vi /etc/nagios/nrpe.cfg
allowed_hosts=127.0.0.1,x.x.x.x

On Debian, Ubuntu, Linux Mint:

$ sudo service nagios-nrpe-server restart

On CentOS, Fedora or RHEL:

# service nagios restart

Add the Nagios server IP into nrpe file, if you installed NRPE daemon as a service under xinetd.

# nano /etc/xinetd.d/nrpe
only_from = 127.0.0.1 x.x.x.x

# Restart the xinetd service #
# service xinetd restart

Verifying NRPE Service Status from log file (For Debian based system /var/log/syslog & RHEL based system /var/log/messages).

# tail -f /var/log/syslog
Aug 11 08:46:45 2daygeek.prod nrpe[30484]: Starting up daemon
Aug 11 08:46:45 2daygeek.prod nrpe[30484]: Listening for connections on port 5666
Aug 11 08:46:45 2daygeek.prod nrpe[30484]: Allowing connections from: 127.0.0.1,x.x.x.x

Verifying NRPE listening port.

# netstat -tpln | grep 5666
tcp        0      0 0.0.0.0:5666            0.0.0.0:*               LISTEN      30484/nrpe

Check Again whether NRPE can able to talk with remote host or not.

# /usr/local/nagios/libexec/check_nrpe -H x.x.x.x (Remote server IP)
NRPE v2.12

See the below screen shot. Our remote client start talking with Nagios server.

Leave a Reply

Your email address will not be published. Required fields are marked *