Alert thresholds depend on the nature of your applications. Some queries may have arbitrary tolerance thresholds. Building an efficient monitoring platform takes time. 😉
4 Prometheus alerting rules for SSL/TLS. Exported via ssl_exporter. These rules cover critical and warning conditions — copy and paste the YAML into your Prometheus configuration.
groups:
- name: RibbybibbySslExporter
rules:
- alert: SSLCertificateProbeFailed
expr: ssl_probe_success == 0
for: 1m
labels:
severity: critical
annotations:
summary: SSL certificate probe failed (instance {{ $labels.instance }})
description: "Failed to fetch SSL information {{ $labels.instance }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: SSLCertificateOCSPStatusUnknown
expr: ssl_ocsp_response_status == 2
for: 0m
labels:
severity: warning
annotations:
summary: SSL certificate OCSP status unknown (instance {{ $labels.instance }})
description: "Failed to get the OCSP status for {{ $labels.instance }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: SSLCertificateRevoked
expr: ssl_ocsp_response_status == 1
for: 0m
labels:
severity: critical
annotations:
summary: SSL certificate revoked (instance {{ $labels.instance }})
description: "SSL certificate revoked {{ $labels.instance }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: SSLCertificateExpiry(<7Days)
expr: ssl_verified_cert_not_after{chain_no="0"} - time() < 86400 * 7
for: 0m
labels:
severity: warning
annotations:
summary: SSL certificate expiry (< 7 days) (instance {{ $labels.instance }})
description: "{{ $labels.instance }} Certificate is expiring in 7 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" wget https://raw.githubusercontent.com/samber/awesome-prometheus-alerts/refs/heads/master/dist/rules/ssl/tls/ribbybibby-ssl-exporter.yml
Failed to fetch SSL information {{ $labels.instance }}
- alert: SSLCertificateProbeFailed
expr: ssl_probe_success == 0
for: 1m
labels:
severity: critical
annotations:
summary: SSL certificate probe failed (instance {{ $labels.instance }})
description: "Failed to fetch SSL information {{ $labels.instance }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" Failed to get the OCSP status for {{ $labels.instance }}
- alert: SSLCertificateOCSPStatusUnknown
expr: ssl_ocsp_response_status == 2
for: 0m
labels:
severity: warning
annotations:
summary: SSL certificate OCSP status unknown (instance {{ $labels.instance }})
description: "Failed to get the OCSP status for {{ $labels.instance }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" SSL certificate revoked {{ $labels.instance }}
- alert: SSLCertificateRevoked
expr: ssl_ocsp_response_status == 1
for: 0m
labels:
severity: critical
annotations:
summary: SSL certificate revoked (instance {{ $labels.instance }})
description: "SSL certificate revoked {{ $labels.instance }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" {{ $labels.instance }} Certificate is expiring in 7 days
- alert: SSLCertificateExpiry(<7Days)
expr: ssl_verified_cert_not_after{chain_no="0"} - time() < 86400 * 7
for: 0m
labels:
severity: warning
annotations:
summary: SSL certificate expiry (< 7 days) (instance {{ $labels.instance }})
description: "{{ $labels.instance }} Certificate is expiring in 7 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"