Check for SSL Cert expiring

Have a great idea for an upcoming release of NEMS? Post it here.
Post Reply
User avatar
Zerant
Junior Member
Posts: 14
Joined: Wed Jan 02, 2019 11:30 am

Check for SSL Cert expiring

Post by Zerant »

Hey,

I added a check to my NEMS to check how long my SSL Certs are valid.
Its pretty useful if you are using Letsencrypt and dont have automated renews or even to see if a automated renew is working

This is the check I use
https://exchange.nagios.org/directory/P ... rt/details

this is the command:


define command {
                command_name                          check_ssl_cert
                command_line                          $USER1$/check_ssl_cert -H $HOSTADDRESS$ -p $ARG1$ -w $ARG2$ -c $ARG3$
}

ARG1=SSL Port
ARG2=days remaining [warn]
ARG3=days remaining [crit]

For the Advanced Service:

advanced service name: SSL validation
service description: SSL validation

check period: 24x7
notification period: 24x7

service template(s): generic-service

ARG1: 443
ARG2: 30
ARG3: 15

Best,
Zerant
Last edited by Zerant on Fri Jan 25, 2019 5:08 am, edited 1 time in total.
User avatar
Robbie Ferguson
Posting Freak
Posts: 835
Joined: Wed Mar 07, 2012 3:23 pm
Location: Ontario, Canada
Contact:

RE: Check for SSL Cert expiring

Post by Robbie Ferguson »

That's fine, but why not just use the included check_http?
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
User avatar
Robbie Ferguson
Posting Freak
Posts: 835
Joined: Wed Mar 07, 2012 3:23 pm
Location: Ontario, Canada
Contact:

RE: Check for SSL Cert expiring

Post by Robbie Ferguson »

-- that said, I'll put this on the to do list just cause maybe it'd be easier for novice users to have this already pre-configured. I'll review it and see if there's any advantage over check_http, which already offers ssl checking.
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
User avatar
Zerant
Junior Member
Posts: 14
Joined: Wed Jan 02, 2019 11:30 am

RE: Check for SSL Cert expiring

Post by Zerant »

yes it does, but only if SSL is reachable not how long the cert is valid:

SSL_CERT OK - x509 certificate 'DOMAINNAME' from 'Let's Encrypt Authority X3' valid until Apr 10 10:48:48 2019 GMT (expires in 74 days)
User avatar
Robbie Ferguson
Posting Freak
Posts: 835
Joined: Wed Mar 07, 2012 3:23 pm
Location: Ontario, Canada
Contact:

RE: Check for SSL Cert expiring

Post by Robbie Ferguson »

That's incorrect. As per the docs at https://docs.nemslinux.com/check_commands/check_http

Check the state of the hosts SSL certificate and treat as a problem if it expires in 30 days or less:

-C 30

That said, I do see value in including a check command specifically for the purpose. I am just pointing out that the functionality is already there, so it's not really necessary.
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
Post Reply