Saturday, 8 June 2019

How to monitory SSL Certificate expiry With Nagios

Nagios plugin “check_http” provides SSL Certificate monitoring to check certificates expiration dates and Nagios generate alerts when SSL certificates near their expiration date. So the same can renew their certificates before problems occur.
Most of the Nagios plugins are available in EPEL repository (Extra Packages for Enterprise Linux) for Cent OS 7 and RHEL.

Nagios Server: Centos/RHEL 6 (Compiled Nagios core installed)
Nagios client OS: Centos/ RHEL 7 (NRPE agent installed by Yum)

Step 1: Setup EPEL repository and install “check_http” Nagios plugin: Follow tutorial How to install EPEL repository on Centos7 and Run the following command to install the check_http nagios plugin if already not installed.

[root@linuxcnf-client ~]# yum install nagios-plugins-http
Loaded plugins: changelog, fastestmirror
  nagios-plugins-http.x86_64 0:2.2.1-9git5c7eb5b9.el7

[root@linuxcnf-client ~]#

Step 2: Configure NRPE: add the below line in NRPE configuration file in nagios and change the site name with your SSL configured site:

[root@linuxcnf-client ~]# vi /etc/nagios/nrpe.cfg
command[check_ssl_linuxcnf]=/usr/lib64/nagios/plugins/check_http -H -S --sni -C 30,14
[root@linuxcnf-client ~]#

Step 3: Run the following command to verify the command working status:

[root@linuxcnf-client ~]# /usr/lib64/nagios/plugins/check_http -H -S --sni -C 30,14
SSL OK - Certificate '' will expire in 72 days on 2019-08-20 16:43 +0530/IST.
[root@linuxcnf-client ~]#

Step 4: Restart NRPE service: Run the following command to restart NREP service:

[root@linuxcnf-client ~]# service nrpe restart
Redirecting to /bin/systemctl restart nrpe.service
[root@linuxcnf-client ~]#

Step 5: Integrate the command in Nagios server: Add the below service definition in host configuration file and define host configuration(Assuming that server already integrated in Nagios server and the command check command defined.).

define service {
        use                        generic-service
        host_name               <Server_Hostname>
        contacts                  nagiosadmin
        service_description  SSL Check
        check_command        check_nrpe!check_ssl_linuxcnf
Step 6: Pre-flight check and reload Nagios service: Run the following command to check configuration syntax check:

[root@linuxcnf-server ~]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
Total Warnings: 0
Total Errors:   0

Things look okay - No serious problems were detected during the pre-flight check
[root@linuxcnf-server ~]#

In above output, No errors are detected during the pre-flight check and can reload the nagios service:

[root@linuxcnf-server ~]# service nagios reload
Reloading nagios configuration (via systemctl):            [  OK  ]
[root@linuxcnf-server ~]#

It’s done. Now check the SSL certificate expiry status on Nagios console and Nagios also will generate alerts [warning, critical] when SSL certificates near their expiration date.


  1. You made some first rate factors there. I seemed on the internet for the difficulty and located most people will go along with together with your website. webflow developer

  2. The subsequent time I learn a weblog, I hope that it doesnt disappoint me as much as this one. I imply, I do know it was my choice to learn, but I really thought youd have one thing interesting to say. All I hear is a bunch of whining about something that you might fix in case you werent too busy looking for attention. webflow development agency

  3. Outstanding post, I appreciat website owners should learn a lot from this blog its real user pleasant. interface designer

  4. It is truly a well-researched content and excellent wording. I got so engaged in this material that I couldn’t wait to read. I am impressed with your work and skill. Thanks. Domain SSL certificate for sale online

  5. Great article mate, keep the great work, just shared this with ma friendz top development companies