Ssl Certs Check

ssl-certs-check #

Simple SSL Certs Expiration Check

Features #

  • configure the hosts and alert emails in a TOML configuration file
  • docker-compose starts Prometheus/Alertmanager/Grafana for checking and alerting

How it works #

  • hosts' SSL certs are checked regularly by ssl-certs-check
  • the expiration date is exposed as Prometheus metrics
  • based on the configuration, all metrics carry the alert email as a label
  • an Alertmanager config file is generated from the configuration for alerting

Building Binary #

make build
cp configurations/config-example.toml configurations/config.toml
# modify configurations/config.toml, then
./ssl-certs-check -config configurations/config.toml

Docker build #

Modify the ENV_GOPROXY env of the ssl-certs-check service in docker-compose.yaml, then:

docker-compose build

Configuration #

ssl-certs-check main config file:

configurations/config-example.toml #

  • the smtp-xxxx and [[hosts]] related configuration needs to be modified
    listen-address = ":8080"

    # refresh to get latest hosts 

    # after hosts change, ssl-certs-check will call this url to reload alertmanager

    # ssl-certs-check will generate alertmanager.conf to this path

    # alertmanager will use this smtp server to send alert emails

    # hosts example: 
    # - if port not provided, default is 443
    # - alert-emails define who care about this address' cert expiration

    [[hosts]]
        address = ""
        alert-emails = ["", ""]

    [[hosts]]
        address = ""
        alert-emails = [""]

Alert rule:

configurations/alert_rules.yml #

  • You can adjust the alert expiration days (25 here)
    groups:
      - name: 'ssl-certs-check-alert'
        rules:
          - alert: SSLCertsNearlyExpiration
            expr: round((exporter_cert_not_after{} - time())/3600/24) < 25
            annotations:
              title: 'SSL Certs Will expire after {{ $value }} days'
              description: ' Please kindly renew'
            labels:
              severity: 'critical'

Usage #

docker-compose up -d

Then access:

Metrics #

Metric | Meaning | Labels
exporter_cert_not_after | cert not after X Unix Epoch seconds | cert_hostname, alert_email
exporter_host_queue_length | how many hosts in queue waiting to be checked (lower the better) |
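
The check described under "How it works", the default-port rule from the config comments, and the rounding in the alert expression can be seen together in the following added example (not the project's own code). All function names, the `local-test` label, and the `ops@example.com` address are assumptions made for illustration. Doing a verified handshake is also a choice of this example, which means an already-expired or untrusted cert produces an error instead of a date.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math"
	"net"
	"net/http/httptest"
	"time"
)

// withDefaultPort applies the README rule: an address without a port means 443.
func withDefaultPort(addr string) string {
	if _, _, err := net.SplitHostPort(addr); err != nil {
		return net.JoinHostPort(addr, "443")
	}
	return addr
}

// certNotAfter does a verified handshake (roots nil = system store) and returns the leaf NotAfter.
func certNotAfter(addr string, roots *x509.CertPool) (time.Time, error) {
	d := &net.Dialer{Timeout: 5 * time.Second}
	conn, err := tls.DialWithDialer(d, "tcp", withDefaultPort(addr), &tls.Config{RootCAs: roots})
	if err != nil { // expired/untrusted certs fail here, so failed checks need their own alert
		return time.Time{}, err
	}
	defer conn.Close()
	return conn.ConnectionState().PeerCertificates[0].NotAfter, nil
}

// daysLeft follows the alert rule: round((exporter_cert_not_after - time())/3600/24).
func daysLeft(notAfter, now time.Time) float64 { return math.Round(notAfter.Sub(now).Seconds() / 3600 / 24) }

// metricLine renders one sample in the Prometheus text exposition format.
func metricLine(host, email string, notAfter time.Time) string {
	return fmt.Sprintf("exporter_cert_not_after{cert_hostname=%q,alert_email=%q} %d", host, email, notAfter.Unix())
}

// localDemo checks a throwaway local TLS server (constructed input, works offline).
func localDemo() (string, float64, error) {
	srv := httptest.NewTLSServer(nil)
	defer srv.Close()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	notAfter, err := certNotAfter(srv.Listener.Addr().String(), roots)
	return metricLine("local-test", "ops@example.com", notAfter), daysLeft(notAfter, time.Now()), err
}

func main() { fmt.Println(localDemo()) }
```

Because the rule rounds before comparing with 25, a cert with 24 days 13 hours left still rounds to 25 and does not fire; the alert starts once less than 24.5 days remain.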