Check on host with multiple SSL certificates

[desylva]

I have a redirect host with multiple domains some using one certificate and other domains using yet another certificate.
While the check for the SSL returns OK for all the domains (%CN%) the %DAYS_VALID% and %CA_ISSUER_MATCHED% are only for the same certificate for all the domains apparently not checking the correct certificate with the check on host.

The command check I use:
check_ssl_cert -H $HOSTADDRESS$ -u $ARG1$ --format '%SHORTNAME% %STATUS%:%DAYS_VALID% %CN% - %CA_ISSUER_MATCHED%'

While "$ARG1$ " is the domain name.

Am I missing something or is it a bug/limitation?

If I run:
check_ssl_cert -H $ARG1$

Then it returns the correct certificate. However I am looking to specifically check against a host IP address with a domain name maybe even before a DNS record has yet been created/modified.

[matteocorti]

Very difficult to say without any debugging output or the possibility to test

[desylva]

It would be easy enough to replicate.
One instance with 2 domains, 2 different certificates, one for each domain.
The test will pick only one certificate from the server, the default one instead of the one for the domain.

[matteocorti]

Maybe. But it would be nice to help. If I find the time to set it up, I'll take a look.

[jfayne]

Have you tried using --sni? This is my typical command line

./check_ssl_cert -w 45 -c 30 -A -H SYSTEM_HOSTNAME --sni CERT_DOMAIN --ignore-host-cn --ignore-ocsp-errors