X.509 Certificate Expiry Metrics
================================

This script simply retrieves a X.509 certificate from a given host and port
using OpenSSL and returns the number of seconds from the current time until
it expires (is no longer valid).

This script produces the following metrics:

  - `x509_expire_seconds` with the number of seconds until the certificate
    reaches its "not after" date, where a value of `0` means that it will
    expire the next second;
  - `x509_expire_success` holding `1` if OpenSSL succeeded retrieving and
    parsing the certificate, otherwise `0`; and
  - `x509_expire_scrape_duration_seconds` containing the number of seconds
    that it took to produce `x509_expire_seconds`.


How To Use
----------
Provide the intended host and port number.  Note that there is no parameter
for SNI, since I didn't need it.

```sh
# Generate metrics
$ ./metrics HOST PORT > expiry.$$

# Atomic move to avoid Prometheus reading incomplete writes
$ mv expiry.$$ expiry.prom
```

_Warning:_ This script assumes trusted inputs and does not escape the
hostname in label value output.