mikegerwitz

History

Mike Gerwitz 0ec4219d91 Increase *_scrape_duration resolution to ms May want to clean this up at some point. Note that Bash doesn't have floating point arithmetic support in `(())`.		2021-06-15 23:48:12 -04:00
..
README.md	x509/expiry: Add script	2021-06-15 23:19:24 -04:00
metrics	Increase *_scrape_duration resolution to ms	2021-06-15 23:48:12 -04:00

README.md

X.509 Certificate Expiry Metrics

This script simply retrieves a X.509 certificate from a given host and port using OpenSSL and returns the number of seconds from the current time until it expires (is no longer valid).

This script produces the following metrics:

x509_expire_seconds with the number of seconds until the certificate reaches its "not after" date, where a value of 0 means that it will expire the next second;
x509_expire_success holding 1 if OpenSSL succeeded retrieving and parsing the certificate, otherwise 0; and
x509_expire_scrape_duration_seconds containing the number of seconds that it took to produce x509_expire_seconds.

How To Use

Provide the intended host and port number. Note that there is no parameter for SNI, since I didn't need it.

# Generate metrics
$ ./metrics HOST PORT > expiry.$$

# Atomic move to avoid Prometheus reading incomplete writes
$ mv expiry.$$ expiry.prom

Warning: This script assumes trusted inputs and does not escape the hostname in label value output.