Hi all,
starting from some days ago, which could coincide with zabbix agent upgrade to 7.0.17, I started to get this error on a item using zabbix agent and "web.certificate.get" when trying to get SSL certificate details from a site.
I took a look to zabbix agent logs in verbose mode but I didn't find anything usefull
Doing a curl or a openssl trace gives this error
Looking around I found that it could be realted to secure renegotiation not supported on server side, as explained here: https://stackoverflow.com/questions/...ation-disabled
Adding the "UnsafeLegacyRenegotiation" parameter in the openssl.cfg works, but still in zabbix agent I get the same error.
Anybody has any clue on how to tell zabbix agent to use the same parameter when fetching SSL certs data?
Thank you
Sergio
starting from some days ago, which could coincide with zabbix agent upgrade to 7.0.17, I started to get this error on a item using zabbix agent and "web.certificate.get" when trying to get SSL certificate details from a site.
I took a look to zabbix agent logs in verbose mode but I didn't find anything usefull
2025/08/22 07:54:42.052083 failed to execute direct exporter task for key 'web.certificate.get[[mysite]]' error: 'Cannot fetch data: remote error: tls: illegal parameter.'
Doing a curl or a openssl trace gives this error
curl: (35) OpenSSL/3.0.13: error:0A000152:SSL routines::unsafe legacy renegotiation disabled
Looking around I found that it could be realted to secure renegotiation not supported on server side, as explained here: https://stackoverflow.com/questions/...ation-disabled
Adding the "UnsafeLegacyRenegotiation" parameter in the openssl.cfg works, but still in zabbix agent I get the same error.
Anybody has any clue on how to tell zabbix agent to use the same parameter when fetching SSL certs data?
Thank you
Sergio
Comment