[Feature]: Certificate expiry check should be configurable

[FileGo]

🏷️ Feature Request Type

Other

🔖 Feature description

#781 adds TLS/SSL certificate expiry check, but it is not configurable in any way.

I am using step-ca as internal PKI, were certificates expire every 24h (good certificates die young), and are auto-renewed via ACME.

This means that every day, when my certificates change, I get a torrent of notifications for every service I am monitoring.

✔️ Solution

User should be able to disable certificate expiry notifications (especially where certificate renewal is handled automatically), but notification should still be there where certificate is expired (unless Ignore TLS/SSL error for HTTPS websites is checked of course).

❓ Alternatives

No response

📝 Additional Context

No response

⚠️ Please verify that this feature request has NOT been suggested before.

• I checked and didn't find similar feature request

[louislam]

Interesting, I never knew step-ca.

It should be safe to downgrade back to 1.9.2 at this moment.

[MoriTanosuke]

Would be nice to set the notification period. I auto-renew my certificates between 14 and 7 days before expiry, so I would like to set the first time to be notified to 6 days.

[ghost]

@louislam I agree with @MoriTanosuke - it should be possible to be notified X days before the certificate expires. This would be really helpful to not have stress renewing the certificate afters it's already expired. You can renew the certificate without any stress X days before the certificate actually expires.

[gdeflaux]

Hi. +1 on the idea of having notifications X days before expiry. I would actually be great to have a view with the list of all SSL Certificates and their expiry dates. I think this feature would make the app a one-stop shop for all standard monitoring needs, perfect for a lot of orgs.

[meyerje]

I'd like to have a list and notification of certificate expiry as well. I'd rather see an optional setting versus having the Ignore TLS/SSL error for HTTPS websites option turn them off though.

[ttorresg]

It would be great if the notices of 21, 14 and 7 days were configurable, being able to choose the days of notice.

[jeloneal]

I would also love to have more control over the certificate expiration check.

1. allow to manually define the remaining days for all 3 notification steps (currently it is fixed to 21,14 and 7)
2. allow to set those values globally instead or in addition to setting it by probe
3. allow setting number of steps (or allow setting days to 0 to disable a notification step)

If you are using Traefik or Kubernetes Ingress stuff together with Let's encrypt it usually refreshes the certificates ~10 days before expiry.
This means that we are always getting the first two notices for all probes (we have many) every few month. For that use case it would be enough to get the 7 days warning as it would indicate that the automatism has probably failed. Leaving enough time to check and fix stuff.

Thanks in advance!

[chakflying]

Implemented in #1641.

[mcsilver]

Implemented in #1641.

Thank you!