Hello There, Guest! Login Register
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

Check for SSL Cert expiring

#1
Hey,

I added a check to my NEMS to check how long my SSL Certs are valid.
Its pretty useful if you are using Letsencrypt and dont have automated renews or even to see if a automated renew is working

This is the check I use
https://exchange.nagios.org/directory/Pl...rt/details

this is the command:


define command {
                command_name                          check_ssl_cert
                command_line                          $USER1$/check_ssl_cert -H $HOSTADDRESS$ -p $ARG1$ -w $ARG2$ -c $ARG3$
}

ARG1=SSL Port
ARG2=days remaining [warn]
ARG3=days remaining [crit]

For the Advanced Service:

advanced service name: SSL validation
service description: SSL validation

check period: 24x7
notification period: 24x7

service template(s): generic-service

ARG1: 443
ARG2: 30
ARG3: 15

Best,
Zerant
 Reply
#2
That's fine, but why not just use the included check_http?
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
 Reply
#3
-- that said, I'll put this on the to do list just cause maybe it'd be easier for novice users to have this already pre-configured. I'll review it and see if there's any advantage over check_http, which already offers ssl checking.
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
 Reply
#4
yes it does, but only if SSL is reachable not how long the cert is valid:

SSL_CERT OK - x509 certificate 'DOMAINNAME' from 'Let's Encrypt Authority X3' valid until Apr 10 10:48:48 2019 GMT (expires in 74 days)
 Reply
#5
That's incorrect. As per the docs at https://docs.nemslinux.com/check_commands/check_http

Check the state of the hosts SSL certificate and treat as a problem if it expires in 30 days or less:

-C 30

That said, I do see value in including a check command specifically for the purpose. I am just pointing out that the functionality is already there, so it's not really necessary.
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
 Reply
 
 
Forum Jump:

Users browsing this thread: 1 Guest(s)