~cypheon/ecertmon

Erlang TLS Certificate Expiration Monitor (Prometheus Exporter)
313149b7 — Johann Rudloff 3 years ago
Return empty list instead of 0 in error case
b5c5bf81 — Johann Rudloff 3 years ago
Fix Prometheus metrics output formatting
c4125349 — Johann Rudloff 3 years ago
Allow a certain threshold of errors before reporting invalid cert

refs

main
browse  log 

clone

read-only
https://git.sr.ht/~cypheon/ecertmon
read/write
git@git.sr.ht:~cypheon/ecertmon

You can also use your local clone with git send-email.

#ecertmon

Tiny blackbox certificate expiry date exporter for Prometheus written in Erlang.

You configure which hosts should be scanned:

{targets, [
           {"elfelli.sinyax.net", 443},
           {"neo.sinyax.net", 443},
           {"git.sinyax.net", 443}
          ]
}.

And ecertmon will export one metric for each configured target presenting the expiration date of the certificate (in Unix epoch seconds):

$ curl http://127.0.0.1:9101/metrics
tls_cert_expiry{hostname="elfelli.sinyax.net", port="443"} 1613347516
tls_cert_expiry{hostname="neo.sinyax.net", port="443"} 1613347549
tls_cert_expiry{hostname="git.sinyax.net", port="443"} 1611533202

#Build

If you're on macOS, use gmake instead of make in all following steps.

# Build the project
# (run from inside the source root directory)

make deps
make app

#Configure

A config sample is in config/certmon.sample.config. The config settings have quite descriptive names and should be self-explanatory.

The path to the config file needs to be passed as value of the environment variable CERTMON_CONFIG_FILE.

#Run (from Source)

# Run the project
# (run from inside the source root directory)
# Using an absolute path for $CERTMON_CONFIG_FILE helps to prevent headaches

CERTMON_CONFIG_FILE="$PWD/config/certmon.sample.config" make run

#Run (from Release)

TODO: Publish releases and document how to use them