SSL error which occurs pretty often causing many false alerts.

[JasperTheMinecraftDev]

📑 I have found these related issues/pull requests

Related to #2872

🛡️ Security Policy

• I agree to have read this project Security Policy

Description

Hey there, thanks for crafting such an awesome application! Currently, I'm hosting it on HomeAssistant within my local environment, alongside a plethora of other services. However, I've encountered an issue with SSL errors popping up in Uptime Kuma for my public HTTPS sites.

Just a heads-up: I've tried replicating the issue across various browsers without success. The sites are functioning smoothly, and their SSL certificates are both valid and operational. These sites are hosted on CloudFlare. The hiccup is that Uptime Kuma throws SSL errors and flags the sites as down, despite having "ignore SSL errors" checked(and of course, despite having valid certs xD).

Now, to cut to the chase, I've set up Discord webhooks to receive notifications. Here's an example from a notification I received regarding an SSL error:

@everyone New notification, check it out in [Uptime Kuma](http://192.168.2.195:3001/)
❌ Your service Pterodactyl went down. ❌
Service Name
Pterodactyl
Service URL
[REDACTED]
Time (Europe/Amsterdam)
2024-05-01 22:27:07
Error
write EPROTO D8295AF2917F0000:error:0A000119:SSL routines:ssl3_get_record:decryption failed or bad record mac:../deps/openssl/openssl/ssl/record/ssl3_record.c:622:
Today at 10:27 PM

A minute later, during the next check, everything is back to normal, and the service is reported as online again.

This issue doesn't show up consistently but it does so frequently. Is there a known fix for this, or could the developers take a look at it? Really annoying to get spammed with downtime notifications if they're actually up.

👟 Reproduction steps

Add an HTTPS site, give it some time and get SSL errors.

👀 Expected behavior

It shouldn't throw SSL errors.

😓 Actual Behavior

It threw SSL errors.

🐻 Uptime-Kuma Version

1.23.13

💻 Operating System and Arch

HomeAssistant,

🌐 Browser

Chrome on my Windows PC.

🖥️ Deployment Environment

• Runtime: Docker I assume? Not sure what HA uses.
• Database: SQLite
• Filesystem used to store the database on: SSD
• number of monitors: 15

📝 Relevant log output

No response

[JasperTheMinecraftDev]

And this is an less frequent but occuring error too:

getaddrinfo EAI_AGAIN [REDACTED]

[CommanderStorm]

Regarding the ssl eror:
That it pops up when you have set it to ignore them would be a bug.
Can you share more details what you are monitoring how exactly
=> so I/somebody else can have a look?

This sounds pretty similar to #4520
=> could you check that your host is not ping-ponging between certs?

[CommanderStorm]

Regarding

And this is an less frequent but occuring error too:

getaddrinfo EAI_AGAIN [REDACTED]

This error message means that the dns request has failed. Node.js itself doesn't perform any DNS caching, it delegates everything DNS related to the OS.

• if you run docker:
  Go to the general settings and activate nscd (Name Service Caching Daemon) to honoer the TTL you set in your DNS configuration
• If you are running node:
  Please configure your system to use dns caching.

Increasing the retry setting is also a valid approach to solve this in both cases.

[JasperTheMinecraftDev]

Thanks for your responses! How can I check the ping-poinging between certs and how can I adjust these DNS settings if I run it Proxmox using the HA LXC container?

[CommanderStorm]

How can I check the ping-poinging between certs

Pleaese see the comment I hinted at above:

• The notification of "server certificate expired send too many #4520 (comment)

how can I adjust these DNS settings

You can adjust the DNS settings where you set up your DNS routes => at your DNS-Provider.

In case by the comment about HA LXC container you are asking how to set up nscd on a non docker machine:
We don't directly support that deployment path (Idk how this is packaged)
=> please contact the source you are getting this from or read through this issue:

• [tteck, LXC] dns caching disabled #4699

[JasperTheMinecraftDev]

How can I check the ping-poinging between certs

Pleaese see the comment I hinted at above:

• The notification of "server certificate expired send too many #4520 (comment)

how can I adjust these DNS settings

You can adjust the DNS settings where you set up your DNS routes => at your DNS-Provider.

In case by the comment about HA LXC container you are asking how to set up nscd on a non docker machine: We don't directly support that deployment path (Idk how this is packaged) => please contact the source you are getting this from or read through this issue:

• [tteck, LXC] dns caching disabled #4699

I enabled the caching and I did not get the EAI_AGAIN error(at least, not in the hour of testing I did)

Here's a screen of one of the sites that triggers the SSL cert error: