Simple SSL Certs Expiration Check
- config the hosts and alert emails inside toml configuration file
- docker-compose start Prometheus/Alertmanager/Grafana for check and alert
- hosts ssl certs will be checked regulaly by ssl-certs-check,
- expose expiration date as prometheus metrics
- base on configuration, all metrics have alert email as labels
- generated alertmanager config file base on configuration for alert
make build
cp configurations/config-example.toml configurations/config.toml
# modify configurations/config.toml, then
./ssl-certs-check -config configurations/config.toml
modify docker-compose.yaml
ssl-certs-check env ENV_GOPROXY
, then
docker-compose build
ssl-certs-check main config file: configurations/config-example.toml
- smtp-xxxx and [[hosts]] related configuration need to be modified
listen-address = ":8080"
# refresh to get latest hosts
refresh-interval-second=3600
[alertmanager]
# after hosts change, ssl-certs-check will call this url to reload alertmanager
reload-url="http://alertmanager:9093/-/reload"
# ssl-certs-check will generate alertmanager.conf to this path
config-path="configurations/alertmanager.conf"
# altermanager will use these smtp server send alert emails
smtp-smarthost=''
smtp-from=''
smtp-username=''
smtp-password=''
# hosts example:
# - if port not provided, default is 443
# - alert-emails define who care about this address' cert expiration
[[hosts]]
address = "www.supertechfans.com"
alert-emails = ["u1@example.com", "u2@example.com"]
[[hosts]]
address = "githube.com:443"
alert-emails = ["abc@example.com"]
alert rule configurations/alert_rules.yml
- You can adjust the alert expiration days (25 here)
groups:
- name: 'ssl-certs-check-alert'
rules:
- alert: SSLCertsNearlyExpiration
expr: round((exporter_cert_not_after{} - time())/3600/24) < 25
annotations:
title: 'SSL Certs Will expire after {{ $value }} days'
description: ' Please kindly renew'
labels:
severity: 'critical'
docker-compose up -d
Then access:
- alertmanager
- prometheus
- grafana (admin/admin)
Metric | Meaning | Labels |
---|---|---|
exporter_cert_not_after | cert not after X Unix Epoch seconds | cert_hostname,alert_email |
exporter_host_queue_length | how many hosts in queue waiting to be check (lower the better) |