We use two different kind of TLS certificates:
As the manual process requires some time, we need higher thresholds for the warning. Is there a way to configure 30/10 days for WARN/CRIT for Let’s encrypt and 60/30 days for other certificates without having to explicitly select hosts in the rule?
Maybe you can give the smallest collection of hosts a host label to base your rule on for change of state configuration. Example: ssl/alternative:yes
maybe @r.sander’s data2label from Checkmk Exchange can even set the label for you, if you can detect which certificates are from let’s encrypt automatically :)?
Our SSL certificates extension sets service labels based on the issuer hash from the certificate. This way you can identify the Let’s Encrypt certs.
Thanks, that was what I searched for.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.