Prometheus alerting rules for the SSL Exporter
Within Prometheus you can define alerting rules. Alerting rules allow you to define alert conditions based on Prometheus expression language expressions and to send notifications about firing alerts to an external service.
💡 Our GitHub examples repository contains alerting rule examples.
Basic alerting rules
The collection of awesome Prometheus alerts contains alerting rules for the managed Promtheus exporters available at ping7.io. The following rules are the important ones for the SSL Exporter.
groups:
- name: ssl
rules:
- alert: SslCertificateProbeFailed
expr: ssl_probe_success == 0
for: 0m
labels:
severity: critical
annotations:
summary: SSL certificate probe failed (instance {\{ $labels.instance }})
description: "Failed to fetch SSL information {\{ $labels.instance }}\n VALUE = {\{ $value }}\n LABELS = {\{ $labels }}"
- alert: SslCertificateOscpStatusUnknown
expr: ssl_ocsp_response_status == 2
for: 0m
labels:
severity: warning
annotations:
summary: SSL certificate OSCP status unknown (instance {\{ $labels.instance }})
description: "Failed to get the OSCP status {\{ $labels.instance }}\n VALUE = {\{ $value }}\n LABELS = {\{ $labels }}"
- alert: SslCertificateRevoked
expr: ssl_ocsp_response_status == 1
for: 0m
labels:
severity: critical
annotations:
summary: SSL certificate revoked (instance {\{ $labels.instance }})
description: "SSL certificate revoked {\{ $labels.instance }}\n VALUE = {\{ $value }}\n LABELS = {\{ $labels }}"
- alert: SslCertificateExpiry(<7Days)
expr: ssl_verified_cert_not_after{chain_no="0"} - time() < 86400 * 7
for: 0m
labels:
severity: warning
annotations:
summary: SSL certificate expiry (< 7 days) (instance {\{ $labels.instance }})
description: "{\{ $labels.instance }} Certificate is expiring in 7 days\n VALUE = {\{ $value }}\n LABELS = {\{ $labels }}"
💡 Find all awesome Blackbox Exporter alerting rules here.
Advanced alerting rules
Coming soon