Erlang TLS Certificate Expiration Monitor (Prometheus Exporter)
313149b7 — Johann Rudloff 3 years ago
Return empty list instead of 0 in error case
b5c5bf81 — Johann Rudloff 3 years ago
Fix Prometheus metrics output formatting
c4125349 — Johann Rudloff 3 years ago
Allow a certain threshold of errors before reporting invalid cert


browse  log 



You can also use your local clone with git send-email.


Tiny blackbox certificate expiry date exporter for Prometheus written in Erlang.

You configure which hosts should be scanned:

{targets, [
           {"elfelli.sinyax.net", 443},
           {"neo.sinyax.net", 443},
           {"git.sinyax.net", 443}

And ecertmon will export one metric for each configured target presenting the expiration date of the certificate (in Unix epoch seconds):

$ curl
tls_cert_expiry{hostname="elfelli.sinyax.net", port="443"} 1613347516
tls_cert_expiry{hostname="neo.sinyax.net", port="443"} 1613347549
tls_cert_expiry{hostname="git.sinyax.net", port="443"} 1611533202


If you're on macOS, use gmake instead of make in all following steps.

# Build the project
# (run from inside the source root directory)

make deps
make app


A config sample is in config/certmon.sample.config. The config settings have quite descriptive names and should be self-explanatory.

The path to the config file needs to be passed as value of the environment variable CERTMON_CONFIG_FILE.

#Run (from Source)

# Run the project
# (run from inside the source root directory)
# Using an absolute path for $CERTMON_CONFIG_FILE helps to prevent headaches

CERTMON_CONFIG_FILE="$PWD/config/certmon.sample.config" make run

#Run (from Release)

TODO: Publish releases and document how to use them