Stackdriver is great for checking uptime; unfortunately, it doesn't care if a TLS certificate is expired or invalid. Has anyone been able to configure it so that it fails and triggers warnings when the certificates are invalid?

At this point I'm considering writing a simple cron job to alert me if a certificate is getting long in the tooth... especially with all the Let's Encrypt challenge changes.

Ray Foss
  • Let's Encrypt certificate renewals are meant to be automated. You should actually do that. – Michael Hampton Mar 25 '19 at 14:00
  • @MichaelHampton Even when they are automated, you still need to keep an eye on them. TLS SNI got deprecated, an update could break certbot, in Kubernetes, cert-manager could fail to start after an update due to a missing configuration (this happened to me). There is a reason why Let's Encrypt requires an email, it's not to prevent DDoS... things happen. – Ray Foss Mar 25 '19 at 14:15

2 Answers

Taking a look at the current documentation of Stackdriver metrics and monitoring agent metrics, it currently doesn't support the monitoring of SSL certificates.

However, it seems that other users have already created a feature request for this.

It looks to be supported now: https://cloud.google.com/monitoring/uptime-checks/

Note that this is, surprisingly, a rare feature for health check services to support.

Breedly
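The cron job idea from the question, as an added example (not code from either poster or from Google): it performs a fully verified TLS handshake, so an invalid certificate fails the check, and it flags certificates that are close to expiry. The `WARN_DAYS` threshold, the function names and the host names passed on the command line are assumptions.

```python
"""Cron-friendly TLS check: exits non-zero on invalid or soon-to-expire certs."""
import socket
import ssl
import sys
import time

WARN_DAYS = 21  # assumed threshold; pick one that suits your renewal schedule


def days_left(not_after, now=None):
    """Whole days until a cert's notAfter (format: 'Jun  1 12:00:00 2030 GMT')."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify(not_after, now=None, warn_days=WARN_DAYS):
    """Return (status, days) where status is 'ok', 'expiring' or 'expired'."""
    days = days_left(not_after, now)
    if days < 0:
        return "expired", days
    return ("expiring" if days < warn_days else "ok"), days


def check_host(host, port=443, timeout=10.0):
    """Handshake with full verification, then classify the peer certificate."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        # Expired, untrusted and wrong-hostname certificates all land here.
        return "invalid: " + exc.verify_message, None
    except OSError as exc:
        return "unreachable: " + str(exc), None


def main(hosts):
    failed = False
    for host in hosts:
        status, days = check_host(host)
        print(f"{host}: {status}" + (f" ({days} days left)" if days is not None else ""))
        failed = failed or status != "ok"
    return 1 if failed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it from cron with the host names as arguments; the non-zero exit status and the printed lines are what an alerting wrapper or cron's own mail would pick up.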