x509dashboard.png
Just place the configuration to your telegraf instance and import the Dashboard template.
To just have a Box with the next due certificate on your main Situation Room Dashboard you can use the following query:
SELECT (bottom(expiry,common_name,1)/60/60/24) as exp,common_name FROM "x509_cert" WHERE time >= now() - 1h
It's easy to maintain the Config in a Git repo and pull it ever few hours to your Telegraf Server. Such a Cron could look like:
0 0,3,6,9,12,15,18,21 * * * /usr/bin/git archive --remote=ssh://git@your.gitrepo:7999/sslchec/domains.git HEAD certs.conf|tar -xO > /etc/telegraf/telegraf.d/certs.conf && killall -1 telegraf
Collector Configuration Details
File: /etc/telegraf/telegraf.d/certs.conf
[[inputs.x509_cert]]
interval = "300s"
## List certificate sources
sources = [
"https://my.host.to.monitor:443",
"https://my.second.host.to.monitor:443"
]
## Timeout for SSL connection
# timeout = "5s"
## Pass a different name into the TLS request (Server Name Indication)
## example: server_name = "myhost.example.org"
# server_name = "myhost.example.org"
## Optional TLS Config
# tls_ca = "/etc/telegraf/ca.pem"
# tls_cert = "/etc/telegraf/cert.pem"
# tls_key = "/etc/telegraf/key.pem"