HaseHarald
eb9d7fa2a1
[ssl/ssl-certificate-expiry] Disable shellcheck SC1090
...
When linting this script, this will always fire. This is because shellcheck
only does static code analysis and thus can not determine the filepath.
References:
- https://www.shellcheck.net/wiki/SC1090
2023-01-13 21:57:17 -08:00
HaseHarald
470e837b26
[ssl/ssl-certificate-expiry] Add configurable timeout
...
This should help with unreachable hosts, as the plugin can take more than
10 minutes to complete otherwise. These changes should be fully backwards
compatible, since the default is no timeout set, so it acts the same way
as before.
Changes:
- Introduce "timeout" configuration
- Only run timeout when configured
- Document usage of new configuration
2023-01-13 21:57:17 -08:00
Andreas Perhab
d9701b4f6a
certificate_file_expiry: add option to ignore unexpanded patterns
...
this helps use the same configs on multiple nodes where not all the
patterns expand to existing files on all of them or when files are not
yet existing
2022-02-21 10:34:31 +01:00
Andreas Perhab
4b8b098288
certificate_file_expiry: enable checking openvpn in config certificates
2022-02-21 10:34:31 +01:00
Andreas Perhab
f0d5df2902
certificate_file_expiry: re-enable old defaults for warning and critical
...
those were accidentially removed in
76170d2745
2022-02-21 10:19:41 +01:00
Olivier Mehani
94066132ce
[ssl-certificate-expiry] add env.skip_cert_hashes to skip certificates
...
This fix allows to skip validity checks on any intermediate certificate
which subject hash appears in the list.
Let's Encrypt certificates are cross-signed by both DST Root CA X3 and
ISRG Root X1. DST Root CA X3 has expired on 2021-09-30 [0], which causes
the plugin to incorrectly report some full-chain LE certificates as
expired.
[0] https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2021-12-31 19:26:58 +01:00
Andreas Perhab
fea81596eb
certificate_file_expiry: optional logarithmic view for long lived certs
...
logarithmic was removed in d885a314ad
but still has it's benefits for openvpn CA and CRL certs. when enabling
logarithmic we keep the SI units now instead of rrdtools default
scientific notation.
2021-12-04 02:30:02 +01:00
Kim B. Heino
31db64fefe
certificate_file_expiry: label "50" instead of "5e+01"
...
Scale values were "4e+01, 5e+01, ...". Using linear scale and "48, 50, 52, ..." is much more readable.
Also use shorter vlabel, old one is too long.
2021-12-02 16:38:17 +01:00
Andreas Perhab
c6590b6715
letsencrypt_weekly: display by registered domain
2021-10-25 21:18:47 +02:00
Adam Mizerski
09974133b3
ssl-certificate-expiry: fix handling domains starting with digits
...
resolves #1224
2021-07-14 21:25:22 +02:00
Lars Kruse
2c9121708a
Fix some spelling mistakes
...
Thanks, codespell!
2021-04-05 23:24:50 +02:00
Lars Kruse
da87fcd6c7
Fix spelling issues
2021-03-31 20:39:12 +02:00
Andreas Perhab
9c995590b2
certificate_file_expiry: add pattern support for CERT env variable
2020-12-28 20:42:30 +01:00
JTSage
eb7a1e7276
Add some sane defaults, some enviromental variable overrides, fix autoconf, and add more error trapping
2020-11-28 20:31:45 +01:00
JTSage
36c291110d
Change proposed name, certbot_certs -> certbot_expiry
2020-11-28 20:31:45 +01:00
JTSage
2f7d94071d
Add "certbot-certs"
...
This plugin will semi-auto discover certbot (letsencrypt) certificates and output their expiry in days.
2020-11-28 20:31:45 +01:00
Nazdravi
f0479a9a7d
[ssl-certificate-expiry] host name verification + proxy connection ( #1126 )
...
* optional verification of request to certificate hostname match (env.checkname yes)
* optional openssl proxy usage (env.proxy PROXYHOST:PORT)
2020-10-31 23:41:06 +01:00
Thomas Heidrich
8542c09283
fixup file mode 755
2020-10-28 21:54:42 +01:00
Thomas Heidrich
f6ea58d5f5
avoid blocking in ssl_
...
Just in case there is a firewall dropping packages, this plugin
would block until the plugin timeout is reached. This change introduces
the possibility to configure a much lower individual timeout.
2020-10-28 21:54:42 +01:00
Lars Kruse
09b88141b3
Improve documantion of many plugins
...
Specifically the configuration examples are now indented properly.
2020-10-24 17:29:08 +02:00
Martin Schobert
bba98f95b3
ssl-certificate-expiry: Feature added: checking intermediate certs as well ( #1088 )
2020-09-06 22:19:12 +02:00
Lars Kruse
8713eb3722
Fix spelling mistakes in comments and descriptions
...
Thanks, codespell!
2020-03-26 04:23:21 +01:00
Lars Kruse
52144bc277
ssl-certificate-expiry: remove hardcoded CA directory path
...
This should allow the plugin to be usable on all platforms.
2020-02-06 00:54:29 +01:00
Lars Kruse
292cfb955a
ssl-certificate-expiry: add support for FreeBSD's "date"
...
Thanks to oz42
Closes : #1038
2020-01-25 01:22:11 +01:00
Olivier Mehani
0b4725d69d
[ssl/ssl-certificate-expiry] Fix unset starttls parameter
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2019-10-03 17:28:04 +02:00
ruliane
3aa213d497
Add support for StartTLS in ssl-certificate-expiry ( #1018 )
...
* Add support for StartTLS in ssl-certificate-expiry
Added support for StartTLS in ssl-certificate-expiry
Use env.services foo.example.net_25_smtp to enable StartTLS on a SMTP server.
2019-09-17 19:37:37 +02:00
RenWal
4e7c45fdc9
Fix typos in certificate_file_expiry
...
Typos broke the sample configuration
2019-09-02 23:07:45 +02:00
Lars Kruse
7fed3b9765
Fix multiple shellcheck issues
2019-08-13 05:16:13 +02:00
Andreas Perhab
d6d5fa80be
Added plugins for certificates
...
* plugin to monitor certificiate lifetime
* plugin to monitor letsencrypt certificate issue limit
2019-07-31 03:13:21 +02:00
Olivier Mehani
7e995a0210
squash! squash! [ssl-certificate-expiry] Add asynchronous update via cron
...
* use find to detect only recent cache files
* reduce cron periodicity to an hour
* use variable instead of TMP file
2019-07-22 22:15:20 +10:00
Olivier Mehani
793b75b9ee
squash! [ssl-certificate-expiry] Add asynchronous update via cron
...
revert local
2019-07-22 22:07:43 +10:00
Olivier Mehani
59f057f88b
[ssl-certificate-expiry] Add asynchronous update via cron
...
Also, cleanup the script to be better POSIX sh compatible, and add -u to
the shebang.
2019-07-20 22:51:56 +10:00
Lars Kruse
e7eb28869c
plugins ssl_ and ssl-certificate-expiry: various improvements
...
* simplify date parsing: use "date" instead of awk's "mktime" (requires gawk)
* simplify structure
* use the same function (copy'n'paste) for both plugins
Closes : #893
2018-03-30 01:53:48 +02:00
Olivier Mehani
81e1966814
[ssl] Remove legacy ssl, and replacement ssl-certificate-expiry
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2017-07-23 13:19:40 +10:00
Olivier Mehani
332396976b
fixup! [multi-ssl] Backward compatibility with ssl_
2017-06-21 21:32:48 +10:00
Olivier Mehani
21cc6fc458
[ssl-certificate-expiry] Rename from multi_ssl
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2017-06-20 21:15:17 +10:00
Olivier Mehani
47ef218263
[multi-ssl] Backward compatibility with ssl_
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2017-06-20 21:14:24 +10:00
Olivier Mehani
f31fe9a6c3
[multi-ssl] POSIX shell compatibility
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2017-06-16 21:09:50 +10:00
Olivier Mehani
91fe427bfc
[ssl_/multi_ssl] More legible cert-parsing code
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2017-06-16 20:46:12 +10:00
Olivier Mehani
a4c308081c
[multi_ssl] New plugin showing multiple SSL Cert expiry in one graph
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2017-06-13 10:51:36 +10:00
dipohl
eaf6c2d7ce
Category Tree: Reduce number of categories
...
mogilefs -> fs (mogilefs)
moodle -> cms (moodle)
openvz -> virtualization (openvz)
wowza -> streaming (wowza)
varnish -> webserver (varnish)
xbnbt -> torrent (xbnbt)
2017-02-23 15:31:40 +01:00
Olivier Mehani
43e67ac747
[ssl_] Can't use colon in plugin names
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2016-08-05 14:04:58 +10:00
Olivier Mehani
21dfe488c0
[ssl_] Allow to specify ports other than HTTPS
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2016-08-05 13:22:49 +10:00
Simon Tennant
f3917e1595
Support SNI in the certificate checking
...
plugin was checking the first vhost rather than the correct vhost's ssl certificate validity.
2013-10-03 09:50:57 +02:00
Simon Tennant
33cf24ad79
more sensible subdirectory name (ssl_certificates -> ssl)
2013-08-11 08:00:41 +02:00