blackbox_exporter

Feature Request: Add metric for the most recent NotBefore field in the certificate chain

Open konstantin-kornienko opened this issue 2 years ago • 1 comments

We're monitoring different types of certificates. Some of them are long-living (1 year) and some of them are short-living (3 days or less, issued by Hashicorp Vault).

It would be very helpful to have a metric that shows the latest NotBefore field in the chain. Something like probe_ssl_latest_cert_not_before (similar to ssl_cert_not_before in this exporter: https://github.com/ribbybibby/ssl_exporter).

If we have such a metric, we can calculate the certificate's TTL by using the expression: probe_ssl_earliest_cert_expiry - probe_ssl_latest_cert_not_before. It will allow us to use different alert thresholds for short-living and long-living certificates.

We can use the mentioned exporter for that, but it's not very convenient to split URL & Certificate monitoring into 2 different exporters.

Thanks!

konstantin-kornienko avatar Jun 26 '23 11:06 konstantin-kornienko
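Added example, not part of the issue and not blackbox_exporter code: a Go sketch of the calculation requested above, taking the latest NotBefore and earliest NotAfter across a chain and expressing the remaining validity as a fraction of the TTL, so one relative threshold covers both 3-day and 1-year certificates. The function names, the 25% threshold and the sample chains are assumptions made for illustration.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"time"
)

// chainWindow returns the latest NotBefore and earliest NotAfter in the chain:
// the value the proposed probe_ssl_latest_cert_not_before metric would carry,
// and the value probe_ssl_earliest_cert_expiry is named for.
func chainWindow(chain []*x509.Certificate) (latestNotBefore, earliestNotAfter time.Time) {
	for i, c := range chain {
		if i == 0 || c.NotBefore.After(latestNotBefore) {
			latestNotBefore = c.NotBefore
		}
		if i == 0 || c.NotAfter.Before(earliestNotAfter) {
			earliestNotAfter = c.NotAfter
		}
	}
	return
}

// remainingFraction is (expiry - now) / (expiry - notBefore): the share of the TTL left.
func remainingFraction(chain []*x509.Certificate, now time.Time) float64 {
	nb, na := chainWindow(chain)
	ttl := na.Sub(nb)
	if ttl <= 0 {
		return 0 // empty chain, or validity windows that do not overlap
	}
	return float64(na.Sub(now)) / float64(ttl)
}

// constructedChain builds sample data: a leaf and a CA with only validity fields set.
func constructedChain(now time.Time, leafAge, leafTTL time.Duration) []*x509.Certificate {
	leaf := &x509.Certificate{NotBefore: now.Add(-leafAge), NotAfter: now.Add(leafTTL - leafAge)}
	ca := &x509.Certificate{NotBefore: now.AddDate(-2, 0, 0), NotAfter: now.AddDate(8, 0, 0)}
	return []*x509.Certificate{leaf, ca}
}

func main() {
	now := time.Date(2023, 6, 26, 11, 0, 0, 0, time.UTC) // constructed timestamp
	day := 24 * time.Hour
	short := remainingFraction(constructedChain(now, 1*day, 3*day), now)    // 3-day cert, 2 days left
	long := remainingFraction(constructedChain(now, 335*day, 365*day), now) // 1-year cert, 30 days left
	fmt.Printf("short: %.2f of TTL left, alert=%v\n", short, short < 0.25)
	fmt.Printf("long:  %.2f of TTL left, alert=%v\n", long, long < 0.25)
}
```

A fixed "less than 30 days left" threshold would fire permanently for the 3-day certificate, while the relative threshold fires only for the 1-year certificate. The subtraction equals the leaf's TTL only when the latest NotBefore and the earliest NotAfter belong to the same certificate, which does not hold if, for example, an intermediate was issued after the leaf.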

Hey, can you share more about the use case for short-lived and long-lived certs? If maintainers think that it's a valid use case, I would be happy to review the PR for the change :)

electron0zero avatar Jun 28 '23 11:06 electron0zero