Closed sblive closed 10 months ago
It's an error. I have to check why it's trying with IPv6 (was never the idea to switch automatically...)
Is the host listed in /etc/hosts? How?
no, none are listed in hosts, all come from same public DNS, as they are the same domain. doing an nslookup results in exactly 1 IPv4 address, so no difference to other targets which work.
Thanks! :)
Mmm then a check is wrong :-) as I see
Host listed in /etc/hosts
I check with
if "${GREP_BIN}" -q "[[:blank:]]${HOST}[[:blank:]]*$" /etc/hosts ; then
Can you please check again it maybe the host is mentioned in a comment? Or in as a part of another host?
I just pushed a new commit with some more debugging output (a43123c)
Can you please check what is printed after:
[DBG] Host listed in /etc/hosts as
Maybe I found a possible problem that I fixed with e817812 Can you please test it and let me know?
oh yes, it is mentioned in a comment, but not even that has an IPv6 (it's an old, valid entry with a # before) - so if that was the issue it should work now
Thanks, I'll release a new version with the fix
Describe the bug
We check ~100 Hosts in a single domain. Some hosts of same domain get tried as IPv6 and therefore fail nmap (which doesn't have IPv6 support here) and then fail completely with "connection refused". Using "-d" reveals trying "nmap -6" which fails. Adding "-4" fixes it, but I don't get why some subdomains are different. None use IPv6 and the host does not support IPv6 anyway. If the host does not support IPv6, it should never be tried and a specific error should be shown.
To Reproduce
check_ssl_cert -H XXX
System (please complete the following information):
openssl version
): 3.0.10Additional context/output