certificate not valid - but works fine with curl and browser

[hoggle64]

Linux vm4711 3.10.0-1160.49.1.el7.x86_64 #1 SMP Tue Nov 30 15:51:32 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

blackbox_exporter, version 0.20.0-rc.0 (branch: HEAD, revision: 55f5656)
build user: root@fa5c6374c24c
build date: 20220217-19:28:56
go version: go1.17.7
platform: linux/amd64

What is the blackbox.yml module config.

modules:
icmp:
prober: icmp
icmp:
preferred_ip_protocol: "ip4"
https_with_proxy:
prober: http
http:
#tls_config:
# insecure_skip_verify: true
preferred_ip_protocol: ip4
proxy_url: http://proxy1p.xx.yyyyy.org:8080
https:
prober: http
http:
#tls_config:
# insecure_skip_verify: true
preferred_ip_protocol: ip4

Hi guys,
I have the following issue:

When I use curl with proxy to check a website it works fine:

[root@vm4711:prometheus:~]$ curl -x http://proxy1p.xxxx.yyyyyy.org:8080 https://app.bfv.de redirect to https://app.bfv.de/error[root@vm4711:prometheus1p:~]$

When I use a browser to query https://app.bfv.de the browser opens the page without complains.

The I use the blackbox exporter it complains about the certificate:
`Feb 23 19:29:58 vm4711 blackbox_exporter: ts=2022-02-23T18:29:58.510Z caller=main.go:207 module=https_with_proxy target=https://app.bfv.de level=debug msg="Resolving target address" target=app.bfv.de ip_protocol=ip4

Feb 23 19:29:58 vm4711 blackbox_exporter: ts=2022-02-23T18:29:58.510Z caller=main.go:207 module=https_with_proxy target=https://app.bfv.de level=debug msg="Resolved target address" target=app.bfv.de ip=13.69.68.43

Feb 23 19:29:58 vm4711 blackbox_exporter: ts=2022-02-23T18:29:58.510Z caller=main.go:207 module=https_with_proxy target=https://app.bfv.de level=debug msg="Making HTTP request" url=https://13.69.68.43 host=app.bfv.de

Feb 23 19:29:58 vm4711 blackbox_exporter: ts=2022-02-23T18:29:58.539Z caller=main.go:207 module=https_with_proxy target=https://app.bfv.de level=debug msg="Error for HTTP request" err="Get "https://13.69.68.43\": x509: certificate is valid for *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net, *.sso.azurewebsites.net, not app.bfv.de"
`

So for some reasons the blackbox exporter is not behaving like other tools.

I have no idea how to fix this. It seems to be a bug.

[dgl]

This looks like a similar problem to #877, however your proxy is allowing the IP through, so you can workaround it.

Try adding the Host header explicitly to the module config, something like:

modules:
  https_with_proxy:
    prober: http
    http:
      preferred_ip_protocol: ip4
      proxy_url: http://proxy1p.xx.yyyyy.org:8080/
      headers:
        Host: app.bfv.de

[hoggle64]

Thank you @dgl ,
the point is that I am using this module "https_with_proxy" for a bigger list of targets.
So I cannot add the static host header in here.
If I would do so "app.bfv.de" might work, but it would break all the others.
Any idea ?

[dgl]

It's now supported to override the hostname via a HTTP parameter, so you can pass this from Prometheus, see: https://github.com/prometheus/blackbox_exporter#prometheus-configuration

This should let you have a dynamic host header.