Mike Gerwitz
0ec4219d91
May want to clean this up at some point. Note that Bash doesn't have floating point arithmetic support in `(())`. |
||
---|---|---|
.. | ||
README.md | ||
metrics |
README.md
X.509 Certificate Expiry Metrics
This script simply retrieves a X.509 certificate from a given host and port using OpenSSL and returns the number of seconds from the current time until it expires (is no longer valid).
This script produces the following metrics:
x509_expire_seconds
with the number of seconds until the certificate reaches its "not after" date, where a value of0
means that it will expire the next second;x509_expire_success
holding1
if OpenSSL succeeded retrieving and parsing the certificate, otherwise0
; andx509_expire_scrape_duration_seconds
containing the number of seconds that it took to producex509_expire_seconds
.
How To Use
Provide the intended host and port number. Note that there is no parameter for SNI, since I didn't need it.
# Generate metrics
$ ./metrics HOST PORT > expiry.$$
# Atomic move to avoid Prometheus reading incomplete writes
$ mv expiry.$$ expiry.prom
Warning: This script assumes trusted inputs and does not escape the hostname in label value output.