We're monitoring different types of certificates. Some of them are long-living (1 year) and some of them are short-living (3 days or less, issued by Hashicorp Vault).
It would be very helpful to have a metric that shows the latest NotBefore field in the chain. Some like
probe_ssl_latest_cert_not_before (similart to ssl_cert_not_before in this exporter: https://github.com/ribbybibby/ssl_exporter).
If we have such metric, we can calculate the certificate's TTL by using the expression:
probe_ssl_earliest_cert_expiry - probe_ssl_latest_cert_not_before
It will allow us to use different alerts' thresholds for short-living and long-living certificates.
We can use mentioned exporter for that, but it's not very convenient to split URL & Certificate monitoring into 2 different exporters.
hey, can you share more about the usecase for short lived and long lived certs?. If maintainers think that it's a valid usecase, I would be happy to review the PR for the change :)
We're monitoring different types of certificates. Some of them are long-living (1 year) and some of them are short-living (3 days or less, issued by Hashicorp Vault).
It would be very helpful to have a metric that shows the latest NotBefore field in the chain. Some like
probe_ssl_latest_cert_not_before
(similart to ssl_cert_not_before in this exporter: https://github.com/ribbybibby/ssl_exporter).If we have such metric, we can calculate the certificate's TTL by using the expression:
probe_ssl_earliest_cert_expiry - probe_ssl_latest_cert_not_before
It will allow us to use different alerts' thresholds for short-living and long-living certificates.We can use mentioned exporter for that, but it's not very convenient to split URL & Certificate monitoring into 2 different exporters.
Thanks!