Error: Address does not match first address, not sending TLS ServerName

scott howard

Aug 9, 2021, 1:03:21 PM
to Prometheus Users
Hi, I am trying to monitor two websites that are giving me the same error message:


Logs for the probe:
ts=2021-08-09T16:37:01.8255598Z caller=main.go:320 module=http_2xx target=http://site.name.com level=info msg="Beginning probe" probe=http timeout_seconds=5
ts=2021-08-09T16:37:01.8256913Z caller=http.go:335 module=http_2xx target=http://site.name.com level=info msg="Resolving target address" ip_protocol=ip6
ts=2021-08-09T16:37:01.9374732Z caller=http.go:335 module=http_2xx target=http://site.name.com level=info msg="Resolving target address" ip_protocol=ip4
ts=2021-08-09T16:37:01.9790936Z caller=http.go:335 module=http_2xx target=http://site.name.com level=info msg="Resolved target address" ip=52.203.98.205
ts=2021-08-09T16:37:01.9791804Z caller=client.go:251 module=http_2xx target=http://site.name.com level=info msg="Making HTTP request" url=http://52.203.98.205 host=site.name.com
ts=2021-08-09T16:37:02.0522656Z caller=client.go:492 module=http_2xx target=http://site.name.com level=info msg="Received redirect" location=https://site.name.com/
ts=2021-08-09T16:37:02.0524034Z caller=client.go:251 module=http_2xx target=http://site.name.com level=info msg="Making HTTP request" url=https://site.name.com/ host=
ts=2021-08-09T16:37:02.0524181Z caller=client.go:251 module=http_2xx target=http://site.name.com level=info msg="Address does not match first address, not sending TLS ServerName" first=******* address=site.name.com
ts=2021-08-09T16:37:02.255926Z caller=main.go:130 module=http_2xx target=site.name.com level=info msg="Received HTTP response" status_code=403
ts=2021-08-09T16:37:02.2559625Z caller=main.go:130 module=http_2xx target=http://site.name.com level=info msg="Invalid HTTP response status code, wanted 2xx" status_code=403
ts=2021-08-09T16:37:02.2560565Z caller=main.go:130 module=http_2xx target=http://site.name.com level=info msg="Response timings for roundtrip" roundtrip=0 start=2021-08-09T16:37:01.9792802Z dnsDone=2021-08-09T16:37:01.9792802Z connectDone=2021-08-09T16:37:02.0131085Z gotConn=2021-08-09T16:37:02.01315Z responseStart=2021-08-09T16:37:02.0521945Z tlsStart=0001-01-01T00:00:00Z tlsDone=0001-01-01T00:00:00Z end=0001-01-01T00:00:00Z
ts=2021-08-09T16:37:02.2561015Z caller=main.go:130 module=http_2xx target=http://site.name.com level=info msg="Response timings for roundtrip" roundtrip=1 start=2021-08-09T16:37:02.05246Z dnsDone=2021-08-09T16:37:02.1014138Z connectDone=2021-08-09T16:37:02.1370135Z gotConn=2021-08-09T16:37:02.2206592Z responseStart=2021-08-09T16:37:02.2558302Z tlsStart=2021-08-09T16:37:02.1370956Z tlsDone=2021-08-09T16:37:02.2205688Z end=2021-08-09T16:37:02.256044Z
ts=2021-08-09T16:37:02.2562038Z caller=main.go:320 module=http_2xx target=http://site.name.com level=error msg="Probe failed" duration_seconds=0.4306021


Blackbox config:
 http_2xx:
    prober: http
    timeout: 5s
    http:
        valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
        fail_if_not_ssl: false
        follow_redirects: true
        tls_config:
          insecure_skip_verify: true
        valid_status_codes: [] # default to 2xx
        method: GET

I am also monitoring around 10 other websites that are all https instead of http and those work fine. Also, if I put the redirect address as the address to monitor instead of the regular site name, the probe is successful.
Ex. http://site.name.com/login passes, but http://site.name.com fails

Brian Candler

Aug 9, 2021, 1:16:34 PM
to Prometheus Users
Just a guess, but a redirect gives a 3xx status code.  Hence the error: "Invalid HTTP response status code, wanted 2xx"

scott howard

Aug 9, 2021, 1:35:07 PM
to Prometheus Users
Hmm, it does also say "msg="Received HTTP response" status_code=403". Maybe the first page is giving 403 even though it's redirecting?

scott howard

Aug 9, 2021, 2:05:14 PM
to Prometheus Users
Okay question: The site that is being probed by bbe is hosted on aws and has some very strict firewall rules. My computer's IP address is allowed, but now I am wondering if the problem is that it's being denied because the site receives a request from the IP address of my docker container. Does anybody know if that is the case? Does a request made from docker use my computer's public IP address or something else?

Brian Candler

Aug 9, 2021, 3:55:16 PM
to Prometheus Users
If it were denied by an AWS firewall rule ("security group"), the client would not be able to establish a TCP connection and you would not see *any* response code.

Given that this is http not https, you can easily see the traffic exchange using tcpdump.  Something like this (on the server where blackbox_exporter is running):

tcpdump -i eth0 -nn -s0 -A host site.name.com

Brian Candler

Aug 9, 2021, 4:04:03 PM
to Prometheus Users
Another thing you can try is using 'curl' on the machine where bbe is running:

curl -Lv http://site.name.com   # -L = follow redirects

Check the response, status code, whether there's a Location: header etc.

When you've got a curl query that you're happy with, then you can convert it into corresponding bbe configuration.
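
Added example, not part of the thread and not blackbox_exporter code: one way to read the probe log from the first post hop by hop, pairing each "Making HTTP request" record with the outcome logged after it, so it is clear which request was redirected and which one returned the 403. The log lines are abridged from the first post; the function names are this example's own.

```python
import re

# Abridged from the probe log in the first post, one logfmt record per line.
PROBE_LOG = '''\
ts=2021-08-09T16:37:01.9791804Z caller=client.go:251 module=http_2xx target=http://site.name.com level=info msg="Making HTTP request" url=http://52.203.98.205 host=site.name.com
ts=2021-08-09T16:37:02.0522656Z caller=client.go:492 module=http_2xx target=http://site.name.com level=info msg="Received redirect" location=https://site.name.com/
ts=2021-08-09T16:37:02.0524034Z caller=client.go:251 module=http_2xx target=http://site.name.com level=info msg="Making HTTP request" url=https://site.name.com/ host=
ts=2021-08-09T16:37:02.0524181Z caller=client.go:251 module=http_2xx target=http://site.name.com level=info msg="Address does not match first address, not sending TLS ServerName" first=******* address=site.name.com
ts=2021-08-09T16:37:02.255926Z caller=main.go:130 module=http_2xx target=site.name.com level=info msg="Received HTTP response" status_code=403
ts=2021-08-09T16:37:02.2559625Z caller=main.go:130 module=http_2xx target=http://site.name.com level=info msg="Invalid HTTP response status code, wanted 2xx" status_code=403
'''

# key=value pairs; a value is either a double-quoted string or a bare token (possibly empty).
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_logfmt(line):
    """Return one logfmt record as a dict, stripping quotes from quoted values."""
    return {k: v[1:-1] if v.startswith('"') else v for k, v in PAIR.findall(line)}


def request_chain(log_text):
    """Pair each "Making HTTP request" record with the outcome logged after it."""
    hops = []
    for rec in map(parse_logfmt, log_text.splitlines()):
        msg = rec.get("msg", "")
        if msg == "Making HTTP request":
            hops.append({"url": rec["url"], "host": rec.get("host", ""),
                         "outcome": None, "notes": []})
        elif not hops:
            continue  # records before the first request (DNS resolution etc.)
        elif msg == "Received redirect":
            hops[-1]["outcome"] = "redirect to " + rec["location"]
        elif msg == "Received HTTP response":
            hops[-1]["outcome"] = "status " + rec["status_code"]
        elif "TLS ServerName" in msg:
            hops[-1]["notes"].append(msg)  # keep the SNI message with its hop
    return hops


if __name__ == "__main__":
    for i, hop in enumerate(request_chain(PROBE_LOG)):
        print(i, hop["url"], "host=" + hop["host"], "->", hop["outcome"], hop["notes"])
```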