blackbox probe : x509: certificate signed by unknown authority"

2,527 views
Skip to first unread message

meryem elallaoui

unread,
Apr 16, 2020, 7:30:59 AM4/16/20
to Prometheus Users

Hello, i try to configure blackbox with Prometheus for the monitoring of HTTP, HTTPS application, but when i try curl, i get "probe_success 0 " :


Capture.PNG



my Blackbox.yml configuration :
modules:
http_2xx:
prober: http
timeout: 10s
http:
valid_http_versions: ["HTTP/1.0", "HTTP/1.1", "HTTP/2"]
valid_status_codes: []
method: GET
no_follow_redirects: false
fail_if_ssl: false
fail_if_not_ssl: false
tls_config:
insecure_skip_verify: false
preferred_ip_protocol: "ip4"
ip_protocol_fallback: false



with curl debug :




Logs for the probe:
ts=2020-04-16T10:04:01.453471937Z caller=main.go:118 module=http_2xx target=https://applicationName:port/ level=info msg="Beginning probe" probe=http timeout_seconds=9.5
ts=2020-04-16T10:04:01.453565009Z caller=utils.go:42 module=http_2xx target=https://applicationName:port/ level=info msg="Resolving target address" ip_protocol=ip4
ts=2020-04-16T10:04:01.454092043Z caller=utils.go:75 module=http_2xx target=https://applicationName:port/ level=info msg="Resolved target address" ip=ipaddress
ts=2020-04-16T10:04:01.454125263Z caller=http.go:349 module=http_2xx target=https://applicationName:port/ level=info msg="Making HTTP request" url=https://ipaddress:port/ host=applicationName:port/
ts=2020-04-16T10:04:01.464877041Z caller=http.go:364 module=http_2xx target=https://applicationName:port/ level=error msg="Error for HTTP request" err="Get https://ipaddress:port/: x509: certificate signed by unknown authority"
ts=2020-04-16T10:04:01.464904152Z caller=http.go:450 module=http_2xx target=https://applicationName:port/ level=info msg="Response timings for roundtrip" roundtrip=0 start=2020-04-16T10:04:01.454178431Z dnsDone=2020-04-16T10:04:01.454178431Z connectDone=2020-04-16T10:04:01.454534045Z gotConn=0001-01-01T00:00:00Z responseStart=0001-01-01T00:00:00Z end=0001-01-01T00:00:00Z
ts=2020-04-16T10:04:01.464924149Z caller=main.go:131 module=http_2xx target=https://applicationName:port/ level=error msg="Probe failed" duration_seconds=0.0114166



what i am missing ?
Thanks

Julius Volz

unread,
Apr 16, 2020, 7:40:51 AM4/16/20
to meryem elallaoui, Prometheus Users
Sounds like you're using a self-signed certificate ("signed by unknown authority"), so the Blackbox Exporter doesn't know to trust it by default.

You can either disable TLS certificate checks (which comes with a security penalty) by setting the "insecure_skip_verify" option to "true" (see https://github.com/prometheus/blackbox_exporter/blob/3a08e67780bcb728a42cbf00ba03e0bd363a8e8e/CONFIGURATION.md#tls_config) or you can install your private CA on your Blackbox Exporter host so that the Blackbox Exporter trusts certs signed by it.

--
You received this message because you are subscribed to the Google Groups "Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/5f559b11-1a56-46c2-b552-b1756a5ac6c3%40googlegroups.com.

meryem elallaoui

unread,
Apr 16, 2020, 7:53:04 AM4/16/20
to Prometheus Users
Thanks a lot for your help its working now by replacing false by true
Reply all
Reply to author
Forward
0 new messages