NRPE – CHECK_NRPE: Error – Could Not Complete SSL Handshake

So you have installed nrpe on your Linux server and add it to Nagios but
you meet this famous error :

CHECK_NRPE: Error - Could Not Complete SSL Handshake

Don’t worry, in this article we will explain why this error appears and how to resolve it.

Why this error appears ?

If you are new to NRPE , this error is the most common of all error messages and one of the first you will experience.

The are different  causes of this error, but the most likely one is that the Nagios XI server’s IP address is not defined as authorized to communicate with NRPE.

To check that, it depends if you are using xinetd as the daemon to run NRPE or if NRPE has it’s own dedicated daemon ( nrpe file ).

To check which one you are using, just verify the existing of files bellow :

If you are using xinetd, you get output like this:

#ls -lh /etc/xinetd.d/nrpe
-rw-r--r--. 1 root root 483 Sep 15 16:30 /etc/xinetd.d/nrpe

If nrpe has it’s own daemon, you get output like this :

#ls -lh /etc/xinetd.d/nrpe
ls: cannot access /etc/xinetd.d/nrpe: No such file or directory

Xinetd : Steps to follow

If you’re using xinetd to control NRPE ( like me ), you need just to edit « /etc/xinetd.d/nrpe » file and add Nagios’s IP adress.

# vi /etc/xinetd.d/nrpe

Find this line and add your Nagios IP address :

only_from = 127.0.0.1 <Nagios_server's_IP_address>

change <Nagios_server’s_IP_address> to your actual Nagios server IP address. This list is a space-delimited list.

Note that you should note delete 127.0.0.1, as it allows you to troubleshoot NRPE issues locally.

After that, restart xinetd service :

#service xinetd restart

NRPE.CFG : Steps to follow

If you’re using  a dedicated daemon for NRPE, the you need to edit « /usr/local/nagios/etc/nrpe.cfg » file, its a nrpe file configuration :

# vi /usr/local/nagios/etc/nrpe.cfg

Find this line and add your Nagios IP address :

only_from = 127.0.0.1,<Nagios_server's_IP_address>

unlike xinetd/nrpe, this list is a comma-delimited list.

After that, restart nrpe service :

#service nrpe restart