relybytes / nginx-certbot Goto Github PK

Describe the feature. 📝

We need to implement a system to periodically check if any SSL/TLS certificates managed by our server (originated from internal requirements) are nearing expiration or have already expired. This feature is essential for maintaining the integrity and security of our web services, as it ensures continuous HTTPS availability.

Describe the solution you'd like 💡

The ideal solution involves setting up a cron job that runs a script at regular intervals (e.g., daily). This script should:

• Enumerate all SSL/TLS certificates managed by the server.
• Check each certificate's expiry date.
• Alert the system administrators if any certificate is nearing expiry or has already expired, allowing for timely renewal.

Describe alternatives you've considered 🔄

An alternative could be the use of external monitoring tools that track certificate validity. However, integrating an internal solution directly within our server environment provides more control and reduces dependency on third-party services.

Additional context 📚

This feature is particularly important for avoiding service interruptions and potential security risks associated with expired certificates. Implementing this will enhance our proactive maintenance capabilities.

Validation

This section is to be updated with suggestions for testing this issue. Key validation points include:

• Ensuring the script accurately detects the expiry status of all certificates.
• Verifying that the cron job runs as scheduled without causing any disruptions.
• Confirming that appropriate alerts/notifications are generated and sent to system administrators.