CRL check jamming on

My domain is:,, and others

I ran this command: /usr/lib64/nagios/plugins/check_ssl_cert --altnames --cn --critical 7 --host --ignore-sct --ignore-tls-renegotiation --selfsigned --sni --warning 28

It produced this output: None, it times out!

We have been seeing sporadic failure of check_ssl_cert (check_ssl_cert by matteocorti) in Icinga over the past few days. Running strace on check_ssl_cert shows it jamming on a connection to an address:

$ strace -f /usr/lib64/nagios/plugins/check_ssl_cert --altnames --cn --critical 7 --host --ignore-sct --ignore-tls-renegotiation --selfsigned --sni --warning 28
[pid 15664] connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("")}, 16) = -1 EINPROGRESS (Operation now in progress)
[pid 15664] select(4, NULL, [3], NULL, {tv_sec=120, tv_usec=0}^C <unfinished ...>

$ host is an alias for is an alias for
[...] has address

Currently we are seeing bursts of problems, always with, several times a day, lasting half and hour or so each time. The problems only started in the past few days - we've previously been successfully running check_ssl_cert for months.

Is this a known problem? Or some Akamai issue?

Thanks for any suggestions.

Hi @jonhalettuob, and welcome to the LE community forum :slight_smile:

I'm unfamiliar with:

What does this parameter do?
And why is there an IP used instead of an FQDN?

1 Like

If you're intermittently losing connectivity to that Akamai host from your network, it might help to also include:

  • What network/IP Icinga is connecting from
  • traceroute to that Akamai host when things are working
  • traceroute to that Akamai host when things are not working
1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.