SSL Certificates Check Popular
Zabbix Template: External Website SSL Utilities
References
This has been adopted from the great work by Roman on the Zabbix Share site. I wasn't able to get his precise methodology working on my environment, so I split the .sh file out into two separate ones and this is working well for me. Roman's work was based off of [email protected]'s work that was originally posted here.
Installation
Note: I've only tested this on Zabbix 3.4.0. I'm not sure if this will work well/at all for any other versions.
Zabbix Template
Import template_SSL_Cert_Check_External.xml into your Zabbix installation. Assign this profile to required Hosts.
Host Requirements
Host Name must be the name of the website to be monitored. Ex: www.zabbix.com
Macros
| Macro | Default Value | Description |
|---|---|---|
| {$SNI} | {HOSTNAME} | Allows you to pass a different SNI to openssl on the Zabbix server for site certificate monitoring |
| {$SSL_EXPIRY_NOTCLASSIFIED} | 90 | Threshold of remaining days until expiration to throw a trigger of 'Not Classified' severity |
| {$SSL_EXPIRY_INFO} | 60 | Threshold of remaining days until expiration to throw a trigger of 'Information' severity |
| {$SSL_EXPIRY_AVG} | 30 | Threshold of remaining days until expiration to throw a trigger of 'Average' severity |
| {$SSL_EXPIRY_WARN} | 15 | Threshold of remaining days until expiration to throw a trigger of 'Warning' severity |
| {$SSL_EXPIRY_HIGH} | 7 | Threshold of remaining days until expiration to throw a trigger of 'High' severity |
| {$SSL_HOST} | {HOSTNAME} | Hostname ("Website") to monitor. |
| {$SSL_PORT} | 443 | Port on which to test certificate. |
Recommended Modifications
I strongly recommend modifiying the {$SSL_EXPIRY_*} macros for the sites that you're using LetsEncrypt certificates for as they are much shorter lived and don't renew until they are set to expire in a few weeks (Depending on how you've configured it).
External Scripts
Place zext_ssl_expiry.sh and zext_ssl_issuer.sh into your Zabbix Server's External Scripts folder. (In my i
