Error "cannot find program: bc" when running check_ssl_cert to monitor smtp cert

Question

Error "cannot find program: bc" when running check_ssl_cert to monitor smtp cert

Closed this issue a year ago · 3 comments

Getting below error when I run check to monitor one of our smtp cert. our smtp is actually a postfix which is configured to allow tlsv1.3

[root@ip-REDACTED check_ssl_cert-2.75.0]# ./check_ssl_cert -H REDACTED_SMTP_HOSTNAME -P smtp -w 10 -c 5
SSL_CERT UNKNOWN 'REDACTED_SMTP_HOSTNAME': cannot find program: bc

debug output:

./check_ssl_cert -H REDACTED -P smtp -w 10 -c 5 -d

[DBG] check_ssl_cert version: 2.75.0
[DBG] System info: Linux ip-REDACTED 5.14.0-284.30.1.el9_2.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Aug 25 09:13:12 EDT 2023 x86_64 x86_64 x86_64 GNU/Linux
[DBG] /etc/os-release:
[DBG] NAME="Red Hat Enterprise Linux"
[DBG] VERSION="9.2 (Plow)"
[DBG] ID="rhel"
[DBG] ID_LIKE="fedora"
[DBG] VERSION_ID="9.2"
[DBG] PLATFORM_ID="platform:el9"
[DBG] PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)"
[DBG] ANSI_COLOR="0;31"
[DBG] LOGO="fedora-logo-icon"
[DBG] CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
[DBG] HOME_URL="https://www.redhat.com/"
[DBG] DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
[DBG] BUG_REPORT_URL="https://bugzilla.redhat.com/"
[DBG]
[DBG] REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
[DBG] REDHAT_BUGZILLA_PRODUCT_VERSION=9.2
[DBG] REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
[DBG] REDHAT_SUPPORT_PRODUCT_VERSION="9.2"
[DBG] User: root
[DBG] Shell: /bin/bash
[DBG] GNU bash, version 5.1.8(1)-release (x86_64-redhat-linux-gnu)
[DBG] Copyright (C) 2020 Free Software Foundation, Inc.
[DBG] License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
[DBG]
[DBG] This is free software; you are free to change and redistribute it.
[DBG] There is NO WARRANTY, to the extent permitted by law.
[DBG] grep: /bin/grep
[DBG] grep (GNU grep) 3.6
[DBG] Copyright (C) 2020 Free Software Foundation, Inc.
[DBG] License GPLv3+: GNU GPL version 3 or later https://gnu.org/licenses/gpl.html.
[DBG] This is free software: you are free to change and redistribute it.
[DBG] There is NO WARRANTY, to the extent permitted by law.
[DBG]
[DBG] Written by Mike Haertel and others; see
[DBG] https://git.sv.gnu.org/cgit/grep.git/tree/AUTHORS.
[DBG] hostname: /bin/hostname
[DBG] $PATH: /root/.local/bin:/root/bin:/sbin:/bin:/usr/sbin:/usr/bin
[DBG] Command line arguments: -H 'REDACTED_SMTP_HOSTNAME' -P smtp -w 10 -c 5 -d
[DBG] TMPDIR = /tmp
[DBG] Required HTTP headers:
[DBG] Unrequired HTTP headers:
[DBG] curl binary needed. SSL Labs = , OCSP = 1, CURL = , IGNORE_CONNECTION_STATE=, FILE_URI=
[DBG] curl binary not specified
[DBG] curl available: /bin/curl
[DBG] curl 7.76.1 (x86_64-redhat-linux-gnu) libcurl/7.76.1 OpenSSL/3.0.7 zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) libssh/0.10.4/openssl/zlib nghttp2/1.43.0
[DBG] Release-Date: 2021-04-14
[DBG] Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
[DBG] Features: alt-svc AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets
[DBG] Proxy settings (after):
[DBG] http_proxy =
[DBG] https_proxy =
[DBG] HTTP_PROXY =
[DBG] HTTPS_PROXY =
[DBG] s_client =
[DBG] curl =
[DBG] Checking if the host is listed in /etc/hosts
[DBG] Host listed in /etc/hosts as
[DBG] REDACT_IP 'REDACTED_SMTP_HOSTNAME'
[DBG] HOST = 'REDACTED_SMTP_HOSTNAME'
[DBG] SNI =
[DBG] HOST_NAME = 'REDACTED_SMTP_HOSTNAME'
[DBG] HOST_ADDR = 'REDACTED_SMTP_HOSTNAME'
[DBG] NAMES_TO_BE_CHECKED = HOST
[DBG] Checking if 'REDACTED_SMTP_HOSTNAME' is an IP address
[DBG] 'REDACTED_SMTP_HOSTNAME' is not an IP address
[DBG] HOST_IS_IP. = 0
[DBG] Checking if 'REDACTED_SMTP_HOSTNAME' is an IP address
[DBG] 'REDACTED_SMTP_HOSTNAME' is not an IP address
[DBG] Adding 'REDACTED_SMTP_HOSTNAME' to NAMES_TO_BE_CHECKED
[DBG] NAMES_TO_BE_CHECKED = 'REDACTED_SMTP_HOSTNAME'
[DBG] -c specified: 5
[DBG] -w specified: 10
[DBG] cleaning up temporary files
SSL_CERT UNKNOWN 'REDACTED_SMTP_HOSTNAME': cannot find program: bc

openssl version

OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)

Answer 1 · 2023-10-30T15:45:47.000Z

As defined in INSTALL.md bc is a required utility.
Which is the output of command -v bc?

Answer 2 · 2023-10-30T15:48:36.000Z

The check works:

./check_ssl_cert -P smtp --host smtp-inbound.bns.emailprivacy.com
SSL_CERT OK - smtp-inbound.bns.emailprivacy.com:25, smtp, x509 certificate '*.bns.emailprivacy.com' (smtp-inbound.bns.emailprivacy.com) from 'Let's Encrypt' valid until Jan  4 12:08:49 2024 GMT (expires in 65 days)|days_chain_elem1=65;20;15;; days_chain_elem2=686;20;15;;

Answer 3 · 2023-10-30T16:24:20.000Z

Thank you Matteo for quick reply.