Most websites now support HTTPS by default. The certificate we apply for is usually 3 months or 1 year. It is easy to expire the SSL certificate over time, but we did not find it the first time, or did not update the certificate in time before it expired.
This article introduces how to use the hertzbeat monitoring tool to detect the validity period of our website's SSL certificate, and send us a warning message when the certificate expires or a few days before the certificate expires.
What is HertzBeat
HertzBeat is a real-time monitoring tool with powerful custom monitoring capabilities without Agent. Website monitoring, PING connectivity, port availability, database, operating system, middleware, API monitoring, threshold alarms, alarm notification (email, WeChat, Ding Ding Feishu).
If you don't want to install, you can use the cloud service directly TanCloud exploration cloud console.tancloud.cn
dockerenvironment can be installed with just one command
docker run -d -p 1157:1157 --name hertzbeat tancloud/hertzbeat
- After the installation is successful, the browser can access
localhost:1157to start, the default account password is
Monitoring SSL certificates
- Click Add SSL Certificate Monitor
System Page -> Monitor Menu -> SSL Certificate -> Add SSL Certificate
- Configure the monitoring website
Here we take the example of monitoring Baidu website, configure monitoring host domain name, name, collection interval, etc. Click OK Note ⚠️Before adding, it will test the connectivity of the website by default, and the connection will be successful before adding. Of course, you can also gray out the Test or not button.
- View the detection index data
In the monitoring list, you can view the monitoring status, and in the monitoring details, you can view the metric data chart, etc.
- Set the threshold (triggered when the certificate expires)
System Page -> Alarms -> Alarm Thresholds -> New Thresholds
Configure the threshold, select the SSL certificate metric object, configure the alarm expression-triggered when the metric
true, that is,
equals(expired,"true"), set the alarm level notification template information, etc.
Associating thresholds with monitoring, in the threshold list, set which monitoring this threshold applies to.
- Set the threshold (triggered one week before the certificate expires)
In the same way, add a new configuration threshold and configure an alarm expression - when the metric expires timestamp
now()function is the current timestamp, if the configuration triggers an alarm one week in advance:
end_timestamp <= (now( ) + 604800000), where
604800000is the 7-day total time difference in milliseconds.
Finally, you can see the triggered alarm in the alarm center.
- Alarm notification (in time notification via Dingding WeChat Feishu, etc.)
Monitoring Tool -> Alarm Notification -> New Receiver
For token configuration such as Dingding WeChat Feishu, please refer to the help document
Alarm Notification -> New Alarm Notification Policy -> Enable Notification for the Recipient Just Configured
- OK When the threshold is triggered, we can receive the corresponding alarm message. If there is no notification, you can also view the alarm information in the alarm center.
The practice of monitoring SSL certificates is here. Of course, for hertzbeat, this function is just the tip of the iceberg. If you think hertzbeat is a good open source project, please give us a Gitee star on GitHub, thank you very much. Thank you for your support. Refill!