cert-checker is a certificate monitoring utility for watching tls certificates. These checks get exposed as Prometheus metrics to be viewed on a dashboard, or soft alert cluster operators.
This tool is heavily inspired by the awesome version-checker by jetstack.
cert-checker supports the following types of certificate errors (and possible more):
- Expired certificates
- Wrong host
- Bad root certificates
- Revoked certificate
- Cipher suites not allowed
- dh480
- dh512
- null
- rc4
cert-checker can be installed as a standalone static binary from the release page
By default, cert-checker will expose the version information as Prometheus
metrics on 0.0.0.0:8080/metrics
.