certinel
Report metrics for watched certificate not before/not after times
Providing metrics for the watched certificate not before/not after times would be helpful for alerts to ensure certificates are being renewed and reloaded by the application.
This functionality could be implemented outside of this library using the existing API (i.e. just calling GetCertificate), but it would be nice if applications could get these metrics automatically just by leveraging certinel.
Is something like this what you had in mind?
# HELP certificate_not_after_milliseconds Measures the not after timestamp of the loaded certificate
# TYPE certificate_not_after_milliseconds gauge
certificate_not_after_milliseconds{certificate_serial="65537",otel_scope_name="github.com/cloudflare/certinel/fswatcher",otel_scope_version="0.4.1"} 1.716224463e+12
# HELP certificate_not_before_milliseconds Measures the not before timestamp of the loaded certificate
# TYPE certificate_not_before_milliseconds gauge
certificate_not_before_milliseconds{certificate_serial="65537",otel_scope_name="github.com/cloudflare/certinel/fswatcher",otel_scope_version="0.4.1"} 1.716224463e+12
Looks great. One other request is to include the cert's file path as a label, to make it easy to identify different certs when an application uses multiple.
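The "outside of this library" approach mentioned in the request, as an added example that is not certinel's code or part of the thread: it calls any function with the `GetCertificate` signature and renders the two gauges shown above, with a file path label. `Getter`, `ValidityMetrics`, `sampleGetter`, the `certificate_path` label name and the sample path are assumptions, and the certificate is constructed in-process with the standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// Getter has the signature of tls.Config.GetCertificate.
type Getter func(*tls.ClientHelloInfo) (*tls.Certificate, error)

// ValidityMetrics renders the served leaf's validity window; certificate_path is an assumed label name.
func ValidityMetrics(get Getter, path string) (string, error) {
	cert, err := get(&tls.ClientHelloInfo{})
	if err != nil {
		return "", err
	}
	leaf := cert.Leaf
	if leaf == nil && len(cert.Certificate) > 0 { // Leaf is not always pre-parsed
		leaf, err = x509.ParseCertificate(cert.Certificate[0])
	}
	if err != nil || leaf == nil {
		return "", fmt.Errorf("no usable leaf certificate for %s (parse error: %v)", path, err)
	}
	// %q quoting is adequate for serials and ordinary file paths used as label values.
	labels := fmt.Sprintf("{certificate_serial=%q,certificate_path=%q}", leaf.SerialNumber.String(), path)
	return fmt.Sprintf("certificate_not_before_milliseconds%s %d\ncertificate_not_after_milliseconds%s %d\n",
		labels, leaf.NotBefore.UnixMilli(), labels, leaf.NotAfter.UnixMilli()), nil
}

// sampleGetter serves a constructed self-signed certificate with serial 65537.
func sampleGetter(notBefore, notAfter time.Time) Getter {
	return func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		tmpl := &x509.Certificate{SerialNumber: big.NewInt(65537), NotBefore: notBefore, NotAfter: notAfter}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
		return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, err
	}
}

func main() {
	out, err := ValidityMetrics(sampleGetter(time.UnixMilli(1716224463000), time.UnixMilli(1747760463000)), "/etc/tls/server.pem")
	fmt.Printf("%serr=%v\n", out, err)
}
```

Because the getter is called on every scrape, the gauges reflect the certificate the application is serving at that moment, so an alert on `certificate_not_after_milliseconds` also catches a renewed file that was never reloaded.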