x509 certificate monitoring with Netdata
This module checks the time until an x509 certificate expires and its revocation status.
Metrics
All metrics have the "x509." prefix.
| Metric | Scope | Dimensions | Units |
|--------|-------|------------|-------|
| time_until_expiration | global | expiry | seconds |
| revocation_status | global | revoked | boolean |
Configuration
Edit the go.d/x509check.conf configuration file using edit-config from the
Netdata config directory, which is typically at /etc/netdata.
cd /etc/netdata # Replace this path with your Netdata config directory
sudo ./edit-config go.d/x509check.conf
Only the source option is required.
Use the smtp scheme for SMTP servers, file for files, and https or tcp for everything else. A port is mandatory for all
non-file schemes.
Here is an example for 3 sources:
update_every: 60

jobs:
  - name: my_site_cert
    source: https://my_site.org:443

  - name: my_file_cert
    source: file:///home/me/cert.pem

  - name: my_smtp_cert
    source: smtp://smtp.my_mail.org:587
For all available options and defaults, see the
module configuration file.
Revocation status
The revocation status check is disabled by default. To enable it, set check_revocation_status to yes.
jobs:
  - name: my_site_cert
    source: https://my_site.org:443
    check_revocation_status: yes
Troubleshooting
To troubleshoot issues with the x509check collector, run the go.d.plugin with the debug option enabled. The output
should give you clues as to why the collector isn't working.
- Navigate to the plugins.d directory, usually at /usr/libexec/netdata/plugins.d/. If that's not the case on
  your system, open netdata.conf and look for the plugins setting under [directories].

  cd /usr/libexec/netdata/plugins.d/

- Switch to the netdata user.

  sudo -u netdata -s

- Run the go.d.plugin to debug the collector:

  ./go.d.plugin -d -m x509check