monit with ssl (https)

by Rastaf   Last Updated January 03, 2018 11:00 AM

I recently installed monit (on debian) and everything is working fine. Now I would like to enable ssl support. I did what I found in the documentation:

set httpd port 2812
  ssl enable
  pemfile /etc/ssl/certs/ssl-cert-snakeoil.pem

Now not only can I not reach the server through the web with, but the communication between the monit daemon and the monit command fails as well:

$# monit status
monit: Openssl read timeout error!
monit: error connecting to the monit daemon

Answers 2

Seems you did not generate an SSL certificate. Here are some pointers (I've done it on my Ubuntu).

Ensure OpenSSL is available on your system; if not, run apt-get install openssl

  • Create folder /var/certs
  • Navigate to this folder cd /var/certs
  • create a file named monit.cnf and copy/paste the following into it, then save and close the file :
   # Create RSA certs - Server
   RANDFILE = ./openssl.rnd
   [ req ]
   # RSA key size in bits (1024-bit keys are too weak for TLS)
   default_bits = 2048
   # Overridden by -nodes on the openssl command line (key is written unencrypted)
   encrypt_key = yes
   distinguished_name = req_dn
   x509_extensions = cert_type
   [ req_dn ]
   # Each "name = text" line is the prompt shown; "name_default" is the value used when you just press enter
   countryName                     = Country Name (2 letter code)
   countryName_default             = MO
   stateOrProvinceName             = Ile de France
   stateOrProvinceName_default     = Monitoria
   localityName                    = Paris
   localityName_default            = Monittown
   organizationName                = the_company
   organizationName_default        = Monit Inc.
   organizationalUnitName          = Organizational Unit Name
   organizationalUnitName_default  = Dept. of Monitoring Technologies
   commonName                      = Common Name (FQDN of your server)
   commonName_default              =
   emailAddress                    = Email Address
   emailAddress_default            = [email protected]
   [ cert_type ]
   nsCertType = server
  • Then run (press enter each time you are prompted for information):

openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem

  • Set permissions : chmod 700 /var/certs/monit.pem (in my case user:group for pem file is root:root)

Set the following in your monitrc config file :

set httpd port 2812
   ssl enable
   pemfile /var/certs/monit.pem 
   allow user:pass

Restart monit

Should work! Now it's up to you to put your real information in the monit.cnf file and run the openssl command again.

January 15, 2014 16:42 PM

The problem is the missing allow user:pass line.

January 03, 2018 10:16 AM
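
As an added example (not part of either answer and not monit's own tooling), the shell function below lints a monitrc for the points the two answers raise: an `allow` line in the httpd block, and a pemfile that holds both the certificate and the private key with no group/other access. The function name `check_monit_httpd` is made up for the example, and it only understands the `set httpd` / `ssl enable` / `pemfile` syntax shown on this page.

```shell
#!/bin/sh
# Added example: lint the "set httpd" block of a monitrc.
# Prints one finding per line; prints nothing when the block looks sane.
check_monit_httpd() {
    rc=$1
    # Strip comments, then keep only the lines of the "set httpd" statement,
    # which runs until the next top-level statement (set/check/include).
    block=$(awk '
        { sub(/#.*/, "") }
        /^[ \t]*(set|check|include)[ \t]/ { inblk = ($0 ~ /^[ \t]*set[ \t]+httpd/) }
        inblk' "$rc")
    [ -n "$block" ] || { echo "no 'set httpd' statement"; return 0; }

    # The second answer's point: the block needs an allow line.
    echo "$block" | grep -Eq '(^|[[:space:]])allow[[:space:]]+[^[:space:]]' ||
        echo "no 'allow' line in httpd block"

    # Without "ssl enable" there is no pemfile to inspect.
    echo "$block" | grep -Eq 'ssl[[:space:]]+enable' || return 0

    pem=$(echo "$block" |
        sed -n 's/.*pemfile[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p' | head -n 1)
    [ -n "$pem" ] || { echo "ssl enabled but no pemfile set"; return 0; }
    [ -r "$pem" ] || { echo "pemfile $pem is missing or unreadable"; return 0; }

    # The openssl command above writes key and certificate to the same file,
    # so both PEM blocks are expected in it.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
        echo "pemfile $pem has no certificate"
    grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem" ||
        echo "pemfile $pem has no private key"

    # Characters 5-10 of the ls -l mode string are the group/other bits;
    # chmod 700 (or 600) leaves them all as "-".
    [ "$(ls -ld "$pem" | cut -c5-10)" = "------" ] ||
        echo "pemfile $pem is accessible to group/other"
}
```

Call it as `check_monit_httpd /path/to/monitrc` with the path of your own config file.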
