Prometheus metrics for checking certificate expiration
Use the following config.yaml
port: 6060
certs:
- type: file
file: /tmp/cert-test.pem
name: test cert
interval: 10m
- type: address
address: google.com:443 #host:port
name: google cert
interval: 10m
Based on the configuration, the data collector will check certificate file or certificate from a TLS address, and create the prometheus metric. A sample scrape output is shown as below. The metric is the type of guage, repsenting the days left to exipration.
# HELP certificate_checker_expiry days left to the cert expiry
# TYPE certificate_checker_expiry gauge
certificate_checker_expiry{address="",issuer="O=sws",name="test cert",path="/tmp/cert-test.pem",subject="O=sws",type="file"} -0.9331897887322916
certificate_checker_expiry{address="google.com:443",issuer="CN=GTS CA 1C3,O=Google Trust Services LLC,C=US",name="google cert",path="",subject="CN=*.google.com",type="address"} 64.76944786807475
certificate_checker_expiry{address="google.com:443",issuer="CN=GTS Root R1,O=Google Trust Services LLC,C=US",name="google cert",path="",subject="CN=GTS CA 1C3,O=Google Trust Services LLC,C=US",type="address"} 1866.4241122192825
certificate_checker_expiry{address="google.com:443",issuer="CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE",name="google cert",path="",subject="CN=GTS Root R1,O=Google Trust Services LLC,C=US",type="address"} 1986.424112218873
The subject, issuer of the cert are shown as the labels of the prometheus metric.
