SSL error which occurs pretty often causing many false alerts. #3310

Open
opened 2026-02-28 03:25:19 -05:00 by deekerman · 6 comments

Originally created by @JasperTheMinecraftDev on GitHub (May 1, 2024).

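📑 I have found these related issues/pull requests

Related to #2872

🛡️ Security Policy

  • [X] I agree to have read this project Security Policy (https://github.com/louislam/uptime-kuma/security/policy)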

Description

Hey there, thanks for crafting such an awesome application! Currently, I'm hosting it on HomeAssistant within my local environment, alongside a plethora of other services. However, I've encountered an issue with SSL errors popping up in Uptime Kuma for my public HTTPS sites.

Just a heads-up: I've tried replicating the issue across various browsers without success. The sites are functioning smoothly, and their SSL certificates are both valid and operational. These sites are hosted on CloudFlare. The hiccup is that Uptime Kuma throws SSL errors and flags the sites as down, despite having "ignore SSL errors" checked (and of course, despite having valid certs xD).

Now, to cut to the chase, I've set up Discord webhooks to receive notifications. Here's an example from a notification I received regarding an SSL error:

```
@everyone New notification, check it out in [Uptime Kuma](http://192.168.2.195:3001/)
❌ Your service Pterodactyl went down. ❌
Service Name
Pterodactyl
Service URL
[REDACTED]
Time (Europe/Amsterdam)
2024-05-01 22:27:07
Error
write EPROTO D8295AF2917F0000:error:0A000119:SSL routines:ssl3_get_record:decryption failed or bad record mac:../deps/openssl/openssl/ssl/record/ssl3_record.c:622:
Today at 10:27 PM
```

A minute later, during the next check, everything is back to normal, and the service is reported as online again.

This issue doesn't show up consistently but it does so frequently. Is there a known fix for this, or could the developers take a look at it? Really annoying to get spammed with downtime notifications if they're actually up.

👟 Reproduction steps

Add an HTTPS site, give it some time and get SSL errors.

👀 Expected behavior

It shouldn't throw SSL errors.

😓 Actual Behavior

It threw SSL errors.

🐻 Uptime-Kuma Version

1.23.13

💻 Operating System and Arch

HomeAssistant,

🌐 Browser

Chrome on my Windows PC.

🖥️ Deployment Environment

  • Runtime: Docker I assume? Not sure what HA uses.
  • Database: SQLite
  • Filesystem used to store the database on: SSD
  • number of monitors: 15

📝 Relevant log output

No response


@JasperTheMinecraftDev commented on GitHub (May 1, 2024):

And this is a less frequent but occurring error too:

```
getaddrinfo EAI_AGAIN [REDACTED]
```

@CommanderStorm commented on GitHub (May 1, 2024):

Regarding the SSL error:
That it pops up when you have set it to ignore them would be a bug.
Can you share more details about what you are monitoring and how exactly
=> so I/somebody else can have a look?

This sounds pretty similar to https://github.com/louislam/uptime-kuma/issues/4520
=> could you check that your host is not ping-ponging between certs?


@CommanderStorm commented on GitHub (May 1, 2024):

Regarding

> And this is a less frequent but occurring error too:
>
> ```
> getaddrinfo EAI_AGAIN [REDACTED]
> ```

This error message means that the DNS request has failed (https://stackoverflow.com/questions/40182121/whats-the-cause-of-the-error-getaddrinfo-eai-again). Node.js itself doesn't perform any DNS caching, it delegates everything DNS related to the OS.

  • If you run Docker:
    Go to the general settings and activate nscd (Name Service Caching Daemon, https://de.wikipedia.org/wiki/Name_service_caching_daemon) to honor the TTL you set in your DNS configuration
  • If you are running node:
    Please configure your system to use DNS caching.

Increasing the retry setting is also a valid approach to solve this in both cases.

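How a retry setting suppresses one-off errors like the two quoted in this thread, as an added example that is not part of the original comments or of Uptime Kuma's code. `classify` and `replay` are hypothetical helpers, the check results are constructed, and it assumes that N retries means N additional consecutive failed checks are tolerated before a DOWN notification is sent.

```javascript
// Added example: hypothetical helper names; all sample data is constructed.
const TRANSIENT = [
  { kind: "dns-temporary", re: /\bEAI_AGAIN\b/ },             // resolver gave no answer in time
  { kind: "tls-record", re: /\bEPROTO\b.*bad record mac/i },  // record-layer failure, not a certificate verdict
];

// Map a check's error message to a category.
function classify(message) {
  const hit = TRANSIENT.find(({ re }) => re.test(message));
  return hit ? hit.kind : "other";
}

// Replay check results; go DOWN only once more than `retries` checks fail in a row.
// Returns the list of notifications that would be sent.
function replay(results, retries) {
  const notifications = [];
  let state = "UP";
  let failures = 0;
  for (const { time, error } of results) {
    if (!error) {
      if (state === "DOWN") notifications.push({ time, status: "UP" });
      state = "UP";
      failures = 0;
      continue;
    }
    failures += 1;
    if (state === "UP" && failures > retries) {
      state = "DOWN";
      notifications.push({ time, status: "DOWN", kind: classify(error) });
    }
  }
  return notifications;
}

// Constructed sample: two one-off failures followed by a sustained outage.
const SAMPLE = [
  { time: "22:26", error: null },
  { time: "22:27", error: "write EPROTO ...:SSL routines:ssl3_get_record:decryption failed or bad record mac" },
  { time: "22:28", error: null },
  { time: "22:29", error: "getaddrinfo EAI_AGAIN example.invalid" },
  { time: "22:30", error: null },
  { time: "22:31", error: "connect ECONNREFUSED 192.0.2.10:443" },
  { time: "22:32", error: "connect ECONNREFUSED 192.0.2.10:443" },
  { time: "22:33", error: "connect ECONNREFUSED 192.0.2.10:443" },
  { time: "22:34", error: null },
];

console.log(replay(SAMPLE, 0)); // every blip produces a DOWN/UP pair
console.log(replay(SAMPLE, 2)); // only the sustained outage is reported
```

The trade-off is detection latency: with a one-minute interval and two retries, a real outage is reported on the third failed check instead of the first.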

@JasperTheMinecraftDev commented on GitHub (May 2, 2024):

Thanks for your responses! How can I check the ping-ponging between certs and how can I adjust these DNS settings if I run it on Proxmox using the HA LXC container?


@CommanderStorm commented on GitHub (May 2, 2024):

> How can I check the ping-ponging between certs

Please see the comment I hinted at above:

  • https://github.com/louislam/uptime-kuma/issues/4520#issuecomment-2085962876

> how can I adjust these DNS settings

You can adjust the DNS settings where you set up your DNS routes => at your DNS-Provider.

In case by the comment about HA LXC container you are asking how to set up nscd on a non docker machine:
We don't directly support that deployment path (Idk how this is packaged)
=> please contact the source you are getting this from or read through this issue:

  • https://github.com/louislam/uptime-kuma/issues/4699


@JasperTheMinecraftDev commented on GitHub (May 2, 2024):

> > How can I check the ping-ponging between certs
>
> Please see the comment I hinted at above:
>
>   • https://github.com/louislam/uptime-kuma/issues/4520#issuecomment-2085962876
>
> > how can I adjust these DNS settings
>
> You can adjust the DNS settings where you set up your DNS routes => at your DNS-Provider.
>
> In case by the comment about HA LXC container you are asking how to set up nscd on a non docker machine: We don't directly support that deployment path (Idk how this is packaged) => please contact the source you are getting this from or read through this issue:
>
>   • https://github.com/louislam/uptime-kuma/issues/4699

I enabled the caching and I did not get the EAI_AGAIN error (at least, not in the hour of testing I did)

Here's a screen of one of the sites that triggers the SSL cert error:
![image](https://github.com/louislam/uptime-kuma/assets/87150143/c2d0da66-9c8d-4a9e-ae8f-40ff56d5d2f7)
