utilities/telegraf-plugins#8: Certbot renewal notification

Issue Information

Issue Type: issue
Status: closed
Reported By: btasker
Assigned To: btasker

Created: 25-Jun-22 15:25



Description

This isn't actually a telegraf plugin as such, but this repo/project is the closest match.

I've had issues in the past with LetsEncrypt certs silently failing to renew - good alerting on certificate ages catches those certs when they're close to expiry, but I'd prefer to catch it even earlier.

The aim of this task is to create a hook for certbot which reports in when certificates are renewed - we'd then be able to create a deadman alert against those metrics



Toggle State Changes

Activity


25-Jun-22 15:25

assigned to @btasker


25-Jun-22 15:25

changed the description


25-Jun-22 15:30

It's a little buried in the documentation but certbot supports configuring multiple hooks:

  • pre
  • post
  • deploy

The deploy hook is called after a successful renewal, so is perfect for our needs (unfortunately the post hook doesn't appear to be told whether a renewal was successful, so we can't use it to pick up on failed renewals).

Hooks can be put into /etc/letsencrypt/renewal-hooks/deploy so that they don't need to be specified on the command line at invocation time.

The aim here, then, is to create a simple hook which accepts details of the certificates that certbot has renewed and then write those into InfluxDB


25-Jun-22 15:46

Published at https://github.com/bentasker/telegraf-plugins/tree/master/scripts/certbot_renewal_report


25-Jun-22 16:00
verified

mentioned in commit github-mirror/telegraf-plugins@24cc79cdf51334469593555b73cd9f4d2cc9bdca

Commit: github-mirror/telegraf-plugins@24cc79cdf51334469593555b73cd9f4d2cc9bdca 
Author: B Tasker                            
                            
Date: 2022-06-25T16:43:13.000+01:00

Message

Create deploy-hook script for utilities/telegraf-plugins#8

This script is intended as a post-deploy hook for certbot, it'll take $RENEWED_DOMAINS and submit information into InfluxDB

+75 -0 (75 lines changed)

25-Jun-22 16:00
verified

mentioned in commit github-mirror/telegraf-plugins@f05573e0cc79abf9f2f57a93882a5f96fe810426

Commit: github-mirror/telegraf-plugins@f05573e0cc79abf9f2f57a93882a5f96fe810426 
Author: B Tasker                            
                            
Date: 2022-06-25T16:44:04.000+01:00

Message

Create README for utilities/telegraf-plugins#8

+82 -0 (82 lines changed)

26-Jun-22 13:32

I've published a write-up here on how to set up graphing and alerting using this.


26-Jun-22 13:44

mentioned in issue jira-projects/LAN#55