Could not complete SSL handshake. – BUT YOU TRIED EVERYTHING!

No, it is NOT the allowed_hosts.
You already checked it 5 times. It is NOT the acl.
Some of the log:


[root@hackbox plugins]# time ./check_nrpe -H 127.0.0.1
12:00:01.138458 IP 127.0.0.1.42830 > 127.0.0.1.5666: Flags [S], seq 288814041, win 43690, options [mss 65495,sackOK,TS val 864077668 ecr 0,nop,wscale 10], length 0
13:48:47.032618 IP 127.0.0.1.5666 > 127.0.0.1.42830: Flags [S.], seq 2522330068, ack 288814042, win 43690, options [mss 65495,sackOK,TS val 864077668 ecr 864077668,nop,wscale 10], length 0
12:00:01.138489 IP 127.0.0.1.42830 > 127.0.0.1.5666: Flags [.], ack 1, win 43, options [nop,nop,TS val 864077668 ecr 864077668], length 0
12:00:01.138929 IP 127.0.0.1.42830 > 127.0.0.1.5666: Flags [P.], seq 1:126, ack 1, win 43, options [nop,nop,TS val 864077668 ecr 864077668], length 125
12:00:01.138939 IP 127.0.0.1.5666 > 127.0.0.1.42830: Flags [.], ack 126, win 43, options [nop,nop,TS val 864077668 ecr 864077668], length 0
Dec 16 12:00:01 hackbox nrpe[27388]: refused connect from 127.0.0.1 (127.0.0.1)

12:00:06.140011 IP 127.0.0.1.5666 > 127.0.0.1.42830: Flags [R.], seq 1, ack 126, win 43, options [nop,nop,TS val 0 ecr 864077668], length 0
CHECK_NRPE: Error - Could not complete SSL handshake.

real    0m5.014s
user    0m0.005s
sys     0m0.008s

Dec 16 12:00:57 hackbox nrpe[27623]: refused connect from 127.0.0.1 (127.0.0.1)

What fixed it? Editing the /etc/hosts.allowed and /etc/hosts.deny .