From 1da4c17a8c5c05b5fb5c5cd612ed9cd9601b5f42 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Wed, 12 Apr 2023 13:54:40 -0500 Subject: [PATCH] alerts: Add alerts for HTTPS certificates These alerts will generate notifications when websites' HTTPS certificates are not properly renewed automatically and become in danger of expiring. --- group_vars/metricspi/alerts.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/group_vars/metricspi/alerts.yml b/group_vars/metricspi/alerts.yml index 03b253c..7c34c5c 100644 --- a/group_vars/metricspi/alerts.yml +++ b/group_vars/metricspi/alerts.yml @@ -66,3 +66,26 @@ vmalert_rules: something happens to the active disk, such as hardware failure, power surge, fire, or accidental `rm -rf`, the offline disk is only out of date by a few weeks. + + - name: certificates + rules: + - alert: certificate will expire soon + expr: + probe_ssl_last_chain_expiry_timestamp_seconds - time() < 29 * 86400 + annotations: + summary: A certificate will expire in less than 29 days + description: >- + Generally, certificates are renewed automatically, approximately 30 + days before their expiration (NotAfter) date. There may be a problem + with the certificate renewal process that prevented this certificate + from being renewed. + - alert: certificate will expire very soon + expr: + probe_ssl_last_chain_expiry_timestamp_seconds - time() < 14 * 86400 + annotations: + summary: A certificate will expire in less than 14 days + description: >- + Generally, certificates are renewed automatically, approximately 30 + days before their expiration (NotAfter) date. There is most likely a + problem with the certificate renewal process that prevented this + certificate from being renewed.