blackbox_exporter icon indicating copy to clipboard operation
blackbox_exporter copied to clipboard

Published 20 hours ago verified publisher icon prometheus

Document difference between TLS Cert expiry metrics

Open slrtbtfs opened this issue 1 year ago • 2 comments

blackbox-exporter currently offers two metrics to measure when TLS Certificates will expire.

The difference between those is very subtle, but using probe_ssl_earliest_cert_expiry for checking whether a certificate is due to replacement can lead to false positive alerts.

This documents the difference between those two.

Generally, probe_ssl_last_chain_expiry_timestamp_seconds seems to be what most people would want to use.

slrtbtfs avatar Dec 03 '24 12:12 slrtbtfs

Hm, the CircleCI Tests seem to be failing for reasons unrelated to this PR:

level=error msg="Resolution with IP protocol failed" target=ipv6.google.com ip_protocol=ip4 err="lookup ipv6.google.com on 10.89.4.1:53: no such host"

Looks like the CI Test environment is having some network Issues.

Locally, the tests run fine.

slrtbtfs avatar Dec 03 '24 12:12 slrtbtfs

CI is passing now after a rebase, so this PR is ready.

slrtbtfs avatar Feb 25 '25 09:02 slrtbtfs