I won't ask "why is this happening" because enough has been said about that, the reasoning behind it or what "probe_ssl_earliest_cert_expiry" does, does not or should do.
I only have one question which is, what will happen after the expiry of the "Sectigo AddTrust External CA Root" certificate on the 30th of May. To be completely honest, my knowledge of certificates and everything around it is as much as it has to be to solve daily tasks and problems if they ever occur. I'd expect the certificate to have to be renewed so that it's signed by a root certificate other than the "Sectigo AddTrust External CA Root", but is this the only solution? I'm trying to reduce upcoming false positives by silencing some of the alerts beforehand but this doesn't feel like a practical "solution" and requires us to manually remind ourselves to re-issue the certificate in a year or something (some earlier than others). I've tried using the SSL Exporter but this gave me problems when I tried to determine what certificate was an end-user certificate and should alert upon, but that is a whole other story. I hope someone can clarify this a bit more! -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/c86ad060-97da-4fc5-a1df-dae0bff078b9%40googlegroups.com.
