prometheus / blackbox_exporter

Blackbox prober exporter
https://prometheus.io
Apache License 2.0

Feature Request: Add metric for the most recent NotBefore field in the certificate chain #1083

Open konstantin-kornienko opened 1 year ago

konstantin-kornienko commented 1 year ago

We're monitoring different types of certificates. Some of them are long-living (1 year) and some of them are short-living (3 days or less, issued by HashiCorp Vault).

It would be very helpful to have a metric that shows the latest NotBefore field in the chain. Something like probe_ssl_latest_cert_not_before (similar to ssl_cert_not_before in this exporter: https://github.com/ribbybibby/ssl_exporter).

If we have such a metric, we can calculate the certificate's TTL by using the expression: probe_ssl_earliest_cert_expiry - probe_ssl_latest_cert_not_before. It will allow us to use different alert thresholds for short-living and long-living certificates.

We can use the mentioned exporter for that, but it's not very convenient to split URL & certificate monitoring into 2 different exporters.

Thanks!
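The TTL calculation proposed in the comment above, as an added Go example that is not code from blackbox_exporter or from the issue author. The function names and the sample chains are hypothetical and constructed; the example also goes one step further and flags the case where the latest NotBefore and the earliest expiry come from different certificates, in which case the difference is not any single certificate's lifetime.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"math"
	"time"
)

// chainWindow returns the latest NotBefore and earliest NotAfter in a chain, and
// whether both come from one certificate (only then is na-nb that cert's lifetime).
func chainWindow(chain []*x509.Certificate) (nb, na time.Time, sameCert bool) {
	nbIdx, naIdx := -1, -1
	for i, c := range chain {
		if nbIdx < 0 || c.NotBefore.After(nb) {
			nb, nbIdx = c.NotBefore, i
		}
		if naIdx < 0 || c.NotAfter.Before(na) {
			na, naIdx = c.NotAfter, i
		}
	}
	return nb, na, nbIdx >= 0 && nbIdx == naIdx
}

// remainingFraction: share of the na-nb window left at now, clamped to [0,1].
func remainingFraction(chain []*x509.Certificate, now time.Time) float64 {
	nb, na, _ := chainWindow(chain)
	if ttl := na.Sub(nb); ttl > 0 {
		return math.Max(0, math.Min(1, float64(na.Sub(now))/float64(ttl)))
	}
	return 0
}

func day(y int, m time.Month, d, h int) time.Time { return time.Date(y, m, d, h, 0, 0, 0, time.UTC) }
func cert(nb, na time.Time) *x509.Certificate     { return &x509.Certificate{NotBefore: nb, NotAfter: na} }

// Constructed sample chains (leaf first); only the validity windows are set.
var (
	sampleNow  = day(2024, 1, 11, 12)
	shortChain = []*x509.Certificate{cert(day(2024, 1, 10, 0), day(2024, 1, 13, 0)), cert(day(2023, 1, 1, 0), day(2028, 1, 1, 0))}
	longChain  = []*x509.Certificate{cert(day(2023, 6, 1, 0), day(2024, 6, 1, 0)), cert(day(2022, 1, 1, 0), day(2028, 1, 1, 0))}
	mixedChain = []*x509.Certificate{cert(day(2024, 1, 1, 0), day(2025, 1, 1, 0)), cert(day(2020, 1, 1, 0), day(2024, 3, 1, 0))}
)

func main() {
	for _, ch := range [][]*x509.Certificate{shortChain, longChain, mixedChain} {
		nb, na, same := chainWindow(ch)
		fmt.Println(na.Sub(nb), same, remainingFraction(ch, sampleNow))
	}
}
```

With a relative threshold such as "less than 20% of the lifetime left", the 3-day and the 1-year sample chains can share one alert rule, while `mixedChain` shows a chain where the intermediate expires before the leaf and the window should not be read as the leaf's TTL.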

electron0zero commented 1 year ago

Hey, can you share more about the use case for short-lived and long-lived certs? If maintainers think that it's a valid use case, I would be happy to review the PR for the change :)