When Good Certificates Go Bad: Monitoring for Expired TLS Certificates
Blog post from Mux
Transport Layer Security (TLS) is crucial for secure internet transactions. Mux developed an open-source certificate-expiry-monitor tool that uses Kubernetes API to discover servers using TLS certificates and emits Prometheus metrics with expiration times for installed certificates on each server. This helps in alerting when certificates are not being renewed automatically, preventing service unavailability due to expired certificates. The certificate-expiry-monitor tool was built in Go and can be configured with key options such as polling interval, Kubernetes namespace, labels, and domains to monitor. It generates Prometheus metrics for each pod + domain combination, indicating the time-to-expiry, time-since-issued, and certificate status. The tool has been integrated into Mux's infrastructure with a Grafana dashboard for monitoring and Prometheus alerting rules for warning when certificates are nearing expiry or have expired.
| Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM |
|---|---|---|---|---|---|
| Kubernetes | 6 | 604 | 96 | 28 | -17% |
| Real-time | 1 | 584 | 143 | 46 | +22% |
Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.