Hey,
I added a check to my NEMS to check how long my SSL Certs are valid.
Its pretty useful if you are using Letsencrypt and dont have automated renews or even to see if a automated renew is working
This is the check I use
https://exchange.nagios.org/directory/P ... rt/details
this is the command:
define command {
command_name check_ssl_cert
command_line $USER1$/check_ssl_cert -H $HOSTADDRESS$ -p $ARG1$ -w $ARG2$ -c $ARG3$
}
ARG1=SSL Port
ARG2=days remaining [warn]
ARG3=days remaining [crit]
For the Advanced Service:
advanced service name: SSL validation
service description: SSL validation
check period: 24x7
notification period: 24x7
service template(s): generic-service
ARG1: 443
ARG2: 30
ARG3: 15
Best,
Zerant
Check for SSL Cert expiring
Check for SSL Cert expiring
Last edited by Zerant on Fri Jan 25, 2019 5:08 am, edited 1 time in total.
- Robbie Ferguson
- Posting Freak
- Posts: 835
- Joined: Wed Mar 07, 2012 3:23 pm
- Location: Ontario, Canada
- Contact:
RE: Check for SSL Cert expiring
That's fine, but why not just use the included check_http?
Robbie Ferguson // The Bald Nerd
Did I help you out? Appreciate what I do? Please consider saying thanks:
Did I help you out? Appreciate what I do? Please consider saying thanks:
- Throw something in the tip jar: https://donate.category5.tv
- Support Category5 TV on Patreon: https://patreon.com/category5
- Support NEMS Linux on Patreon: https://patreon.com/nems
- Robbie Ferguson
- Posting Freak
- Posts: 835
- Joined: Wed Mar 07, 2012 3:23 pm
- Location: Ontario, Canada
- Contact:
RE: Check for SSL Cert expiring
-- that said, I'll put this on the to do list just cause maybe it'd be easier for novice users to have this already pre-configured. I'll review it and see if there's any advantage over check_http, which already offers ssl checking.
Robbie Ferguson // The Bald Nerd
Did I help you out? Appreciate what I do? Please consider saying thanks:
Did I help you out? Appreciate what I do? Please consider saying thanks:
- Throw something in the tip jar: https://donate.category5.tv
- Support Category5 TV on Patreon: https://patreon.com/category5
- Support NEMS Linux on Patreon: https://patreon.com/nems
RE: Check for SSL Cert expiring
yes it does, but only if SSL is reachable not how long the cert is valid:
SSL_CERT OK - x509 certificate 'DOMAINNAME' from 'Let's Encrypt Authority X3' valid until Apr 10 10:48:48 2019 GMT (expires in 74 days)
SSL_CERT OK - x509 certificate 'DOMAINNAME' from 'Let's Encrypt Authority X3' valid until Apr 10 10:48:48 2019 GMT (expires in 74 days)
- Robbie Ferguson
- Posting Freak
- Posts: 835
- Joined: Wed Mar 07, 2012 3:23 pm
- Location: Ontario, Canada
- Contact:
RE: Check for SSL Cert expiring
That's incorrect. As per the docs at https://docs.nemslinux.com/check_commands/check_http
Check the state of the hosts SSL certificate and treat as a problem if it expires in 30 days or less:
-C 30
That said, I do see value in including a check command specifically for the purpose. I am just pointing out that the functionality is already there, so it's not really necessary.
Check the state of the hosts SSL certificate and treat as a problem if it expires in 30 days or less:
-C 30
That said, I do see value in including a check command specifically for the purpose. I am just pointing out that the functionality is already there, so it's not really necessary.
Robbie Ferguson // The Bald Nerd
Did I help you out? Appreciate what I do? Please consider saying thanks:
Did I help you out? Appreciate what I do? Please consider saying thanks:
- Throw something in the tip jar: https://donate.category5.tv
- Support Category5 TV on Patreon: https://patreon.com/category5
- Support NEMS Linux on Patreon: https://patreon.com/nems