Home / Companies / Mux / Blog / Post Details
Content Deep Dive

When Good Certificates Go Bad: Monitoring for Expired TLS Certificates

Blog post from Mux

Post Details
Company
Mux
Date Published
Author
Scott Kidder
Word Count
992
Company Posts That Month
5
Language
English
Hacker News Points
-
Post removed?
No
Summary

Transport Layer Security (TLS) is crucial for secure internet transactions. Mux developed an open-source certificate-expiry-monitor tool that uses Kubernetes API to discover servers using TLS certificates and emits Prometheus metrics with expiration times for installed certificates on each server. This helps in alerting when certificates are not being renewed automatically, preventing service unavailability due to expired certificates. The certificate-expiry-monitor tool was built in Go and can be configured with key options such as polling interval, Kubernetes namespace, labels, and domains to monitor. It generates Prometheus metrics for each pod + domain combination, indicating the time-to-expiry, time-since-issued, and certificate status. The tool has been integrated into Mux's infrastructure with a Grafana dashboard for monitoring and Prometheus alerting rules for warning when certificates are nearing expiry or have expired.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Kubernetes 6 604 96 28 -17%
Real-time 1 584 143 46 +22%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.