Should solve problem with the added benefit that removing the old Root CA is probably a good test to do anyway.
--Matt On Tue, May 12, 2020 at 6:40 PM Harald Koch <[email protected]> wrote: > On Tue, May 12, 2020, at 18:34, Julian van den Berkmortel wrote: > > It's in regards to the "probe_ssl_earliest_cert_expiry" metric which uses > the date of the earliest expiring certificate in the chain as its value. > Its value at the moment is the 30th of May because the root certificate is > the certificate which will expire the earliest in the certificate chain > right now, even though the end-user certificate won't expire for the next > couple of months and stay valid because of the cross signing certificates > as you explained (thus causing the false-positives alerts). > I was curious whether there is another solution to prevent false-positives > but keep alerting active for the domains in question which have the > expiring certificate as their root certificate, other than completely > renewing the certificate. > > > - make sure the newer (cross-signing) certs are in your trust store, so > that the blackbox exporter can find a valid chain to/through them. > - remove the expiring Root CA from your trust store. > > Problem solved? > > -- > Harald > > -- > You received this message because you are subscribed to the Google Groups > "Prometheus Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/prometheus-users/9e7d225d-a0a5-4250-859c-b0079905c14b%40www.fastmail.com > <https://groups.google.com/d/msgid/prometheus-users/9e7d225d-a0a5-4250-859c-b0079905c14b%40www.fastmail.com?utm_medium=email&utm_source=footer> > . > -- --Matt -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/CAGyBzczGirXVZs%2B8rKuV-yzVV%2BDYacYeXE5CRXbKAHunVbXJCA%40mail.gmail.com.
