Was this resolved? I am facing the same issue.
Regards,
James
On Wednesday, April 1, 2020 at 5:41:55 AM UTC+8, Christian Hoffmann wrote:
>
> Hi Amjad,
>
> blackbox_exporter's probe_ssl_earliest_cert_expiry outputs exactly what
> the name says -- the *earliest* cert expiry, i.e. when this certificate
> will become invalid as seen from a user/browser/client validating this
> cert. This is not necessarily identical to the value of the end of
> validity of your single certificate.
>
> To be more specific:
> The certificate used by your web server would be valid until Dec 10
> 2020, as you said. This certificate is signed by an intermediate CA
> which is valid until Jul 3rd 2024. This intermediate is signed by a CA
> which expires May 30 2020. See below for a crazy one-liner which
> demonstrates this using openssl/awk.
>
> blackbox_exporter outputs this as the value 1.590835718e+09. This is a
> unix timestamp, represented in scientific notation. In "normal"
> representation, this is 1590835718.0, which translates to May 30 2020 as
> expected. :)
>
> So, if you had an alert based on this metric, it would properly warn you
> that your site would stop working for most users at the end of May 2020.
>
> You also mentioned the value "5180010.404999971", however, I did not
> find this anywhere in the output...? Maybe some typo / conversion error
> somewhere?
>
> Kind regards,
> Christian
>
>
> $ openssl s_client -servername cms-site-admin-live.tajawal.com -connect cms-site-admin-live.tajawal.com:443 -showcerts </dev/null 2>/dev/null | awk 'BEGIN { pipe="openssl x509 -noout -subject -dates" } /^-+BEGIN CERT/,/^-+END CERT/ { print | pipe } /^-+END CERT/ { close(pipe); printf("\n")}'
>
> subject=OU = Domain Control Validated, CN = *.tajawal.com
> notBefore=Dec 13 00:00:00 2017 GMT
> notAfter=Dec 10 23:59:59 2020 GMT
>
> subject=C = US, O = SSL.com, OU = www.ssl.com, CN = SSL.com DV CA
> notBefore=Jul 4 00:00:00 2014 GMT
> notAfter=Jul 3 23:59:59 2024 GMT
>
> subject=C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
> notBefore=May 30 10:48:38 2000 GMT
> notAfter=May 30 10:48:38 2020 GMT
>
>
> $ TZ= LC_ALL=C date --date=@$(python -c 'print(1.590835718e+09)')
> Sat May 30 10:48:38 UTC 2020
>
>
> On 3/31/20 3:53 PM, Amjad Syed wrote:
> >
> > I checked the cert chain and nothing is expiring.
> >
> >
> >
> > Host operating system: output of |uname -a|
> >
> > Linux blackbox-deployment-fbd566f88-l6b7d 4.14.165-133.209.amzn2.x86_64 #1 SMP Sun Feb 9 00:21:30 UTC 2020 x86_64 GNU/Linux
> >
> >
> > blackbox_exporter version: output of |blackbox_exporter -version|
> >
> > / # /bin/blackbox_exporter --version
> > blackbox_exporter, version 0.16.0 (branch: HEAD, revision: 991f89846ae10db22a3933356a7d196642fcb9a9)
> >   build user: root@64f600555645
> >   build date: 20191111-16:27:24
> >   go version: go1.13.4
> >
> >
> > What is the blackbox.yml module config.
> >
> > modules:
> >   http_2xx_get:
> >     prober: http
> >     timeout: 5s
> >     http:
> >       method: GET
> >
> >
> > What is the prometheus.yml scrape config.
> >
> > - job_name: 'blackbox-live'
> >   metrics_path: /probe
> >   file_sd_configs:
> >     - files:
> >         - '/etc/prometheus/blackbox/targets/blackbox-example/blackbox-live.yml'
> >   relabel_configs:
> >     - source_labels: [__address__]
> >       target_label: __param_target
> >     - source_labels: [module]
> >       target_label: __param_module
> >     - source_labels: [__param_target]
> >       target_label: instance
> >     - target_label: __address__
> >       replacement: blackbox.company.io
> >
> >
> > What logging output did you get from adding |&debug=true| to the
> > probe URL?
> >
> > s=2020-03-31T11:59:12.475392992Z caller=main.go:304 module=http_2xx_get target=https://cms-site-admin-live.company.com/admin/ level=info msg="Beginning probe" probe=http timeout_seconds=5
> > ts=2020-03-31T11:59:12.475517252Z caller=http.go:318 module=http_2xx_get target=https://cms-site-admin-live.company.com/admin/ level=info msg="Resolving target address" ip_protocol=ip6
> > ts=2020-03-31T11:59:12.479932352Z caller=http.go:318 module=http_2xx_get target=https://cms-site-admin-live.company.com/admin/ level=info msg="Resolved target address" ip=34.242.235.246
> > ts=2020-03-31T11:59:12.479981655Z caller=client.go:250 module=http_2xx_get target=https://cms-site-admin-live.company.com/admin/ level=info msg="Making HTTP request" url=https://34.242.235.246/admin/ host=cms-site-admin-live.company.com
> > ts=2020-03-31T11:59:12.805876249Z caller=main.go:119 module=http_2xx_get target=https://cms-site-admin-live.company.com/admin/ level=info msg="Received HTTP response" status_code=200
> > ts=2020-03-31T11:59:12.805950809Z caller=main.go:119 module=http_2xx_get target=https://cms-site-admin-live.company.com/admin/ level=info msg="Response timings for roundtrip" roundtrip=0 start=2020-03-31T11:59:12.480053551Z dnsDone=2020-03-31T11:59:12.480053551Z connectDone=2020-03-31T11:59:12.481023509Z gotConn=2020-03-31T11:59:12.484239484Z responseStart=2020-03-31T11:59:12.805832117Z end=2020-03-31T11:59:12.805945783Z
> > ts=2020-03-31T11:59:12.805998306Z caller=main.go:304 module=http_2xx_get target=https://cms-site-admin-live.company.com/admin/ level=info msg="Probe succeeded" duration_seconds=0.330550216
> >
> > Metrics that would have been returned:
> > # HELP probe_dns_lookup_time_seconds Returns the time taken for probe dns lookup in seconds
> > # TYPE probe_dns_lookup_time_seconds gauge
> > probe_dns_lookup_time_seconds 0.004423017
> > # HELP probe_duration_seconds Returns how long the probe took to complete in seconds
> > # TYPE probe_duration_seconds gauge
> > probe_duration_seconds 0.330550216
> > # HELP probe_failed_due_to_regex Indicates if probe failed due to regex
> > # TYPE probe_failed_due_to_regex gauge
> > probe_failed_due_to_regex 0
> > # HELP probe_http_content_length Length of http content response
> > # TYPE probe_http_content_length gauge
> > probe_http_content_length -1
> > # HELP probe_http_duration_seconds Duration of http request by phase, summed over all redirects
> > # TYPE probe_http_duration_seconds gauge
> > probe_http_duration_seconds{phase="connect"} 0.000969967
> > probe_http_duration_seconds{phase="processing"} 0.321592628
> > probe_http_duration_seconds{phase="resolve"} 0.004423017
> > probe_http_duration_seconds{phase="tls"} 0.004185941
> > probe_http_duration_seconds{phase="transfer"} 0.000113663
> > # HELP probe_http_redirects The number of redirects
> > # TYPE probe_http_redirects gauge
> > probe_http_redirects 0
> > # HELP probe_http_ssl Indicates if SSL was used for the final redirect
> > # TYPE probe_http_ssl gauge
> > probe_http_ssl 1
> > # HELP probe_http_status_code Response HTTP status code
> > # TYPE probe_http_status_code gauge
> > probe_http_status_code 200
> > # HELP probe_http_uncompressed_body_length Length of uncompressed response body
> > # TYPE probe_http_uncompressed_body_length gauge
> > probe_http_uncompressed_body_length 6796
> > # HELP probe_http_version Returns the version of HTTP of the probe response
> > # TYPE probe_http_version gauge
> > probe_http_version 1.1
> > # HELP probe_ip_protocol Specifies whether probe ip protocol is IP4 or IP6
> > # TYPE probe_ip_protocol gauge
> > probe_ip_protocol 4
> > # HELP probe_ssl_earliest_cert_expiry Returns earliest SSL cert expiry in unixtime
> > # TYPE probe_ssl_earliest_cert_expiry gauge
> > probe_ssl_earliest_cert_expiry 1.590835718e+09
> > # HELP probe_success Displays whether or not the probe was a success
> > # TYPE probe_success gauge
> > probe_success 1
> > # HELP probe_tls_version_info Contains the TLS version used
> > # TYPE probe_tls_version_info gauge
> > probe_tls_version_info{version="TLS 1.2"} 1
> >
> > Module configuration:
> > prober: http
> > timeout: 5s
> > http:
> >   ip_protocol_fallback: true
> >   method: GET
> > tcp:
> >   ip_protocol_fallback: true
> > icmp:
> >   ip_protocol_fallback: true
> > dns:
> >   ip_protocol_fallback: true
> >
> >
> > What did you do that produced an error?
> >
> >
> > What did you expect to see?
> >
> > * expire date: Dec 10 23:59:59 2020 GMT
> >
> >
> > What did you see instead?
> >
> > 5180010.404999971
>
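Added example, not part of the thread and not blackbox_exporter's own code: it parses the `openssl x509 -subject -dates` output quoted above and takes the minimum `notAfter` over the whole served chain, which is the quantity the reply says `probe_ssl_earliest_cert_expiry` reports. The function names are illustrative, and the embedded text is a constructed sample copied from the quoted output.

```python
from datetime import datetime, timezone

# Constructed sample: the three certificate summaries from the quoted openssl output.
CHAIN_TEXT = """\
subject=OU = Domain Control Validated, CN = *.tajawal.com
notBefore=Dec 13 00:00:00 2017 GMT
notAfter=Dec 10 23:59:59 2020 GMT

subject=C = US, O = SSL.com, OU = www.ssl.com, CN = SSL.com DV CA
notBefore=Jul 4 00:00:00 2014 GMT
notAfter=Jul 3 23:59:59 2024 GMT

subject=C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
notBefore=May 30 10:48:38 2000 GMT
notAfter=May 30 10:48:38 2020 GMT
"""

def parse_chain(text):
    """Return [(subject, notAfter as UTC datetime)], one entry per certificate."""
    certs, subject = [], None
    for line in text.splitlines():
        key, _, value = line.partition("=")  # subjects contain '=', split on the first only
        if key == "subject":
            subject = value.strip()
        elif key == "notAfter":
            if subject is None:
                raise ValueError("notAfter line without a preceding subject")
            when = datetime.strptime(value.strip(), "%b %d %H:%M:%S %Y GMT")
            certs.append((subject, when.replace(tzinfo=timezone.utc)))
            subject = None
    if not certs:
        raise ValueError("no certificates found in input")
    return certs

def earliest_expiry(certs):
    """The certificate that expires first, wherever it sits in the chain."""
    return min(certs, key=lambda cert: cert[1])

def seconds_remaining(certs, now):
    """Lifetime left on the earliest-expiring certificate at time `now`."""
    return earliest_expiry(certs)[1].timestamp() - now.timestamp()

if __name__ == "__main__":
    chain = parse_chain(CHAIN_TEXT)
    subject, when = earliest_expiry(chain)
    print(f"leaf notAfter:   {chain[0][1]:%Y-%m-%d %H:%M:%S} UTC")
    print(f"earliest expiry: {when:%Y-%m-%d %H:%M:%S} UTC ({when.timestamp():.0f})")
    print(f"limiting cert:   {subject}")
```

With the debug log's probe time (2020-03-31T11:59:12Z) as `now`, `seconds_remaining` returns 5179766, the same magnitude as the 5180010.404999971 quoted in the report.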