I believe the “Check certificates” service should offer an option to manipulate SNI.
In my case I own 4 reverse proxies that are in failover using keepalived. Each of them is in charge of getting and renewing certificates for the services it proxies, and they all proxy the same services, so gitlab.example.com should have 4 distinct certs, 1 on each proxy, the same as files.example.com, another 4 certs, 1 on each proxy, and so on.
Only 1 proxy is the master at any time, so if I use the check certificate service it will only probe the current master proxy for its certificate, regardless of which host it runs for.
I was able to find a way with the check http webservice to enable certificate checks but I don’t get the nice graphs and tracking of each certificate…
I do not wish to create 4 services, 1 for each of my proxies…
Am I missing something here? Or would it be a good enhancement to add SNI support (like “Virtualhost” in the deprecated check http service…) to the check certificate service?
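The per-proxy probe asked for above, as an added example that is not part of the original post and is not Checkmk code: it connects to each proxy's own address while presenting the service name in SNI, so every proxy's certificate is checked regardless of which one currently holds the keepalived virtual IP. The proxy addresses (documentation range), the port and the 30/7-day thresholds are assumptions.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# Assumed inventory (constructed): documentation-range addresses of the four proxies.
PROXIES = ["192.0.2.11", "192.0.2.12", "192.0.2.13", "192.0.2.14"]
SERVICES = ["gitlab.example.com", "files.example.com"]


def days_remaining(not_after, now):
    """Whole days until a certificate's notAfter string (getpeercert() format)."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expiry - now).days


def classify(days, warn=30, crit=7):
    """Map remaining days to a monitoring state name (thresholds are assumptions)."""
    if days < crit:
        return "CRIT"
    return "WARN" if days < warn else "OK"


def probe(address, sni, port=443, timeout=5.0):
    """Connect to one proxy's own address but present `sni`; return (state, detail)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((address, port), timeout=timeout) as raw:
            # server_hostname sets the SNI extension and the name the cert is verified against.
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Expired, untrusted or wrong-name certificates end up here.
        return "CRIT", f"verification failed: {exc.verify_message}"
    except OSError as exc:
        return "UNKNOWN", f"connection failed: {exc}"
    days = days_remaining(cert["notAfter"], datetime.now(timezone.utc))
    return classify(days), f"expires {cert['notAfter']} ({days} days left)"


if __name__ == "__main__":
    worst = 0
    for sni in SERVICES:
        for address in PROXIES:
            state, detail = probe(address, sni)
            print(f"{state:7} {sni} via {address}: {detail}")
            worst = max(worst, {"OK": 0, "WARN": 1, "CRIT": 2, "UNKNOWN": 3}[state])
    sys.exit(worst)
```

Because hostname verification uses the SNI value rather than the address connected to, a proxy that serves a default or mismatched certificate for that name is reported as a verification failure instead of being silently accepted.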