X.509 Certificate Expiry Metrics
================================

This script retrieves an X.509 certificate from a given host and port
using OpenSSL and returns the number of seconds from the current time until
it expires (is no longer valid).

This script produces the following metrics:

- `x509_expire_seconds` with the number of seconds until the certificate
  reaches its "not after" date, where a value of `0` means that it will
  expire the next second;
- `x509_expire_success` holding `1` if OpenSSL succeeded in retrieving and
  parsing the certificate, otherwise `0`; and
- `x509_expire_scrape_duration_seconds` containing the number of seconds
  that it took to produce `x509_expire_seconds`.

How To Use
----------
Provide the intended host and port number. Note that there is no parameter
for SNI, since I didn't need it.

```sh
# Generate metrics
$ ./metrics HOST PORT > expiry.$$

# Atomic move to avoid Prometheus reading incomplete writes
$ mv expiry.$$ expiry.prom
```

_Warning:_ This script assumes trusted inputs and does not escape the
hostname in label value output.
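
One way to close the gap the warning describes, shown as an added example that is not part of this project's script: escape backslash, double quote and line feed in label values, as the Prometheus text exposition format requires, and reject non-numeric sample values. The label names `host` and `port` and all function names are assumptions, since the page does not show the script's output format.

```sh
#!/bin/sh
# Added example: escape label values for the Prometheus text exposition format.
# The label names `host` and `port` and all function names are assumptions.

# Escape backslash, double quote and line feed, the three characters the
# exposition format requires to be escaped inside a label value.
escape_label_value() {
    # Join all input lines first, then substitute, so every line is covered.
    printf '%s\n' "$1" | sed -e ':a' -e '$!{' -e 'N' -e 'ba' -e '}' \
        -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/\n/\\n/g'
}

# Accept only plain decimal numbers as sample values.
is_number() {
    case $1 in
        '' | *[!0-9.-]*) return 1 ;;   # empty, newline or any other character
    esac
    printf '%s\n' "$1" | grep -Eq '^-?[0-9]+(\.[0-9]+)?$'
}

# metric_line NAME HOST PORT VALUE: print one sample line, or fail.
metric_line() {
    is_number "$4" || return 1
    printf '%s{host="%s",port="%s"} %s\n' "$1" \
        "$(escape_label_value "$2")" "$(escape_label_value "$3")" "$4"
}

# Constructed input: a "hostname" carrying a quote, a backslash and a newline.
demo_host=$(printf 'bad"host\\\nsecond line')
metric_line x509_expire_seconds "$demo_host" 443 86400
metric_line x509_expire_success "$demo_host" 443 1
```

With escaping in place, the constructed hostname stays inside a single label value on a single line, so it cannot end the sample early or start a new one in `expiry.prom`.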