My domain is: ukllc.ac.uk, www.edqual.org, and others
I ran this command: /usr/lib64/nagios/plugins/check_ssl_cert --altnames --cn ukllc.ac.uk --critical 7 --host 172.25.3.77 --ignore-sct --ignore-tls-renegotiation --selfsigned --sni ukllc.ac.uk --warning 28
It produced this output: None, it times out!
We have been seeing sporadic failure of check_ssl_cert (check_ssl_cert by matteocorti) in Icinga over the past few days. Running strace on check_ssl_cert shows it jamming on a connection to an r3.o.lencr.org address:
$ strace -f /usr/lib64/nagios/plugins/check_ssl_cert --altnames --cn ukllc.ac.uk --critical 7 --host 172.25.3.77 --ignore-sct --ignore-tls-renegotiation --selfsigned --sni ukllc.ac.uk --warning 28
[...]
[pid 15664] connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("23.55.58.67")}, 16) = -1 EINPROGRESS (Operation now in progress)
[pid 15664] select(4, NULL, [3], NULL, {tv_sec=120, tv_usec=0}^C <unfinished ...>
$ host r3.o.lencr.org
r3.o.lencr.org is an alias for o.lencr.edgesuite.net.
o.lencr.edgesuite.net is an alias for a1887.dscq.akamai.net.
[...]
a1887.dscq.akamai.net has address 23.55.58.67
[...]
Currently we are seeing bursts of problems, always with 23.55.58.67, several times a day, lasting half and hour or so each time. The problems only started in the past few days - we've previously been successfully running check_ssl_cert for months.
Is this a known problem? Or some Akamai issue?
Thanks for any suggestions.