1
0
Fork 0
promscripts/x509/expiry
Mike Gerwitz 0ec4219d91
Increase *_scrape_duration resolution to ms
May want to clean this up at some point.  Note that Bash doesn't have
floating point arithmetic support in `(())`.
2021-06-15 23:48:12 -04:00
..
README.md x509/expiry: Add script 2021-06-15 23:19:24 -04:00
metrics Increase *_scrape_duration resolution to ms 2021-06-15 23:48:12 -04:00

README.md

X.509 Certificate Expiry Metrics

This script simply retrieves a X.509 certificate from a given host and port using OpenSSL and returns the number of seconds from the current time until it expires (is no longer valid).

This script produces the following metrics:

  • x509_expire_seconds with the number of seconds until the certificate reaches its "not after" date, where a value of 0 means that it will expire the next second;
  • x509_expire_success holding 1 if OpenSSL succeeded retrieving and parsing the certificate, otherwise 0; and
  • x509_expire_scrape_duration_seconds containing the number of seconds that it took to produce x509_expire_seconds.

How To Use

Provide the intended host and port number. Note that there is no parameter for SNI, since I didn't need it.

# Generate metrics
$ ./metrics HOST PORT > expiry.$$

# Atomic move to avoid Prometheus reading incomplete writes
$ mv expiry.$$ expiry.prom

Warning: This script assumes trusted inputs and does not escape the hostname in label value output.