First of all, I would like to wish all the students who see it a happy mid-autumn festival, good health, and try to get rich on the basis of good health.
Into the main topic, most of the sites now support HTTPS by default, we apply for the certificate is generally 3 months or 1 year, it is easy with the passage of time SSL certificate expired we did not find the first time, or in the expiration of the certificate did not update the certificate in a timely manner.
Today's article describes how to use hertzbeat monitoring system to detect the validity of our website's SSL certificate, when the certificate expires or a few days before the expiration of the certificate, send us an alert message.
What is HertzBeat?
HertzBeat is a real-time monitoring tool with powerful customizable monitoring capabilities without the need for an agent. Website monitoring, PING connectivity, port availability, database, OS, middleware, API monitoring, threshold alerts, alert notifications (email weChat pinning flybook).
Official website: https://hertzbeat.com | https://tancloud.cn
github: https://github.com/apache/hertzbeat gitee: https://gitee.com/hertzbeat/hertzbeat
Install HertzBeat
If you don't want to install it, you can directly use the cloud service TanCloud console.tancloud.cn
The
docker
environment can be installed with a single commanddocker run -d -p 1157:1157 --name hertzbeat apache/hertzbeat
Installation success browser visit
localhost:1157
to start, the default account password `admin/hertzbeat
Monitoring SSL Certificates
Click Add SSL Certificate Monitor
System Page -> Monitor Menu -> SSL Certificates -> New SSL Certificate
Configure monitoring website
Here is an example to monitor Baidu website, configure the host domain name, name, collection interval, etc. > Click OK. Click OK. Note that ⚠️ will test the connectivity of the website before adding it by default, and it will add it only if the connection is successful, of course, you can also gray out the Whether to test button.
Viewing Test Indicator Data
You can view the task status in the monitor list, and go into the monitor details to view the metrics data graphs etc.
Set the threshold (triggered when the certificate expires)
System Page -> Alarms -> Alarm Thresholds -> Add Thresholds
Configure thresholds, select SSL certificate indicator object, configure alert expression - triggered when indicator
expired
istrue
, i.e.equals(expired, "true")
, set alert level notification template message etc.Associate thresholds with monitors, set which monitors this threshold should be applied to in the threshold list.
set the threshold (triggered one week before certificate expiration)
Same as above, add a new configuration threshold, configure the alert expression - when the indicator validity timestamp
end_timestamp
,now()
function for the current timestamp, if you configure to trigger the alert one week in advance i.e.:end_timestamp <= (now() + 604800000)
, where604800000
is the total time difference of 7 days. milliseconds.Eventually you can see the triggered alarms in the alarm center.
Alarm notification (timely notification via NailWeChatFlysheet, etc.)
Monitoring System -> Alert Notification -> Add Recipients
You can refer to the help file for the token configuration of Nail WeChat Flying Book, etc.
https://hertzbeat.com/docs/help/alert_dingtalk https://tancloud.cn/docs/help/alert_dingtalk
Alert Notification -> Add new alert notification policy -> Enable notification for the recipients you just configured
OK When the threshold is triggered, we can receive the corresponding alarm message, if there is no notification, you can also view the alarm information in the alarm center.
End
The practice of monitoring SSL certificates here, of course, for hertzbeat this function is just the tip of the iceberg, if you think hertzbeat this open source project is good if you welcome to give us in the GitHub Gitee star oh, thank you very much. Thank you for your support. The author!