Monitor letsenrcypt certificates with Zabbix
Letsenrcypt is a great free system to automatically provide ssl/tls certificates for your website(s)Zabbix is a great free system to monitor your IT infrastructure
One of the main features of Zabbix is the ability to extend it with any kind of monitoring scripts.
So when you do use letsencrypt certificates, you can also monitor them from Zabbix.
There exists a template you can add to the Zabbix server, and the required config and script files you place on the agents.
These can be found here.
It provides these features:
- Autodiscovery of all active letsencrypt certificates
- Monitor the lifetime of the certificates
- Trigger when the certificates are about to expire (Which means your auro renew does not work correctly)
- Monitor the certbot version
- Triggers when certbor version is below 0.28
The certbot version is important, since all certbot versions below 0.28 don't support the ACME-2.0 standard which is required by letsencrypt since the 13-february 2019.
Whith this you can relax about your ssl certificates, you won't have customers calling you in the morning, that their website(s) have an invalid/expired certificate.
You can even enhance the ssl monitoring with more Zabbix templates from here.
These allow you to monitor also ftps/imaps/smtps/pop3s and other TLS/SSL secured connections.
We use these in our own environment, to make sure everything runs smoothly and that we are warned of potential problems before the customers notice them.
