If you have an up-to-date trust store, the cross signing certificates for the newer root CAs should mean you don't have to do anything. If you don't have an updated trust store, you have work to do.
--Matt On Tue, May 12, 2020 at 5:26 PM Julian van den Berkmortel < [email protected]> wrote: > I won't ask "why is this happening" because enough has been said about > that, the reasoning behind it or what "probe_ssl_earliest_cert_expiry" > does, does not or should do. > > I only have one question which is, what will happen after the expiry of > the "Sectigo AddTrust External CA Root" certificate on the 30th of May. > To be completely honest, my knowledge of certificates and everything > around it is as much as it has to be to solve daily tasks and problems if > they ever occur. > I'd expect the certificate to have to be renewed so that it's signed by a > root certificate other than the "Sectigo AddTrust External CA Root", but is > this the only solution? > I'm trying to reduce upcoming false positives by silencing some of the > alerts beforehand but this doesn't feel like a practical "solution" and > requires us to manually remind ourselves to re-issue the certificate in a > year or something (some earlier than others). > > I've tried using the SSL Exporter but this gave me problems when I tried > to determine what certificate was an end-user certificate and should alert > upon, but that is a whole other story. > > I hope someone can clarify this a bit more! > > -- > You received this message because you are subscribed to the Google Groups > "Prometheus Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/prometheus-users/c86ad060-97da-4fc5-a1df-dae0bff078b9%40googlegroups.com > <https://groups.google.com/d/msgid/prometheus-users/c86ad060-97da-4fc5-a1df-dae0bff078b9%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- --Matt -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/CAGyBzczauxTO3WYsW%3DBKynsEpAOesMi30u-H_Wr4d5FiicbTtg%40mail.gmail.com.
