prometheus ssl alerts for expiring certificates

files/core_alerts.yml

@@ -179,5 +179,21 @@ groups:
     annotations:
       summary: "Service failed (instance {{ $labels.instance }})"
       description: "Service Failed. Check host to ensure functioning.\n  VALUE = {{ $value }}\n  LABELS: {{ $labels }}"
-
+  - alert: CertificateExpirationWarning
+    expr: ((quantile by (serial_no,cn,instance) (0.5, ssl_cert_not_after)) and ((quantile by (serial_no,cn,instance) (0.5, ((ssl_cert_not_after - time()) /  (ssl_cert_not_after - ssl_cert_not_before))) ) < 0.33)) - time()
+    for: 5m
+    labels:
+      severity: warning
+    annotations:
+      summary: "Certificate (instance {{ $labels.instance }})"
+      description: "Certificate More than 66% expired.\n  VALUE = {{ $value }}\n  LABELS: {{ $labels }}"
+  - alert: CertificateExpirationCritical
+    expr: ((quantile by (serial_no,cn,instance) (0.5, ssl_cert_not_after)) and ((quantile by (serial_no,cn,instance) (0.5, ((ssl_cert_not_after - time()) /  (ssl_cert_not_after - ssl_cert_not_before))) ) < 0.2)) - time()
+    for: 5m
+    labels:
+      severity: critical
+    annotations:
+      summary: "Certificate (instance {{ $labels.instance }})"
+      description: "Certificate More than 80% expired!\n  VALUE = {{ $value }}\n  LABELS: {{ $labels }}"
+