Gracefully handle and report SSL connection errors in Geo admin screen

Customers attempting to configure Geo with invalid SSL certificate bundles
would not be alerted properly.

Closes #3460

app/services/geo/node_status_service.rb

@@ -41,7 +41,7 @@ module Geo
           end
         rescue OpenSSL::Cipher::CipherError
           ['Error decrypting the Geo secret from the database. Check that the primary uses the correct db_key_base.']
-        rescue HTTParty::Error, Timeout::Error, SocketError, Errno::ECONNRESET, Errno::ECONNREFUSED => e
+        rescue HTTParty::Error, Timeout::Error, SocketError, SystemCallError, OpenSSL::SSL::SSLError => e
           [e.message]
         end
 

spec/services/geo/node_status_service_spec.rb

@@ -57,6 +57,23 @@ describe Geo::NodeStatusService do
       expect(status.health).to eq("Could not connect to Geo node - HTTP Status Code: 401 Unauthorized\n")
     end
 
+    it 'alerts on bad SSL certficate' do
+      message = 'bad certificate'
+      allow(described_class).to receive(:get).and_raise(OpenSSL::SSL::SSLError.new(message))
+
+      status = subject.call(secondary)
+
+      expect(status.health).to eq(message)
+    end
+
+    it 'handles connection refused' do
+      allow(described_class).to receive(:get).and_raise(Errno::ECONNREFUSED.new('bad connection'))
+
+      status = subject.call(secondary)
+
+      expect(status.health).to eq('Connection refused - bad connection')
+    end
+
     it 'returns meaningful error message when primary uses incorrect db key' do
       secondary # create it before mocking GeoNode#secret_access_key