Any certificate in the chain which is expired or invalid will "break 
things": i.e. clients will not accept the certificate as valid, if they 
cannot establish a chain of trust back to the root.

From the linked GitHub discussion about negative time to expire, I 
understood these would be hugely negative values - effectively that the 
certificate "expired" in the year 1AD.  You can filter out those by 
ignoring alerts where the time to expire is enormously negative.

Also, that condition will only occur if you set "insecure_skip_verify: true", 
which means "don't perform any validation of the certificate".  You can avoid 
this by *not* setting insecure_skip_verify.  If the certificate was signed 
by a private CA, then provide the private CA's root certificate in the 
tls_config section, so that blackbox_exporter can validate it.
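
Added example, not part of the original message: a blackbox_exporter configuration that puts the insecure_skip_verify setting next to a module that validates the chain against a private CA. The module names and the CA file path are assumed placeholders.

```yaml
# blackbox.yml (illustrative; module names and paths are hypothetical)
modules:
  # Weak: certificate validation is disabled. The probe succeeds even when
  # the chain is expired, self-signed or otherwise invalid, and this is the
  # setting under which the bogus, hugely negative expiry values can appear.
  http_2xx_noverify:
    prober: http
    timeout: 5s
    http:
      fail_if_not_ssl: true
      tls_config:
        insecure_skip_verify: true

  # Corrected: insecure_skip_verify is left unset (it defaults to false), so
  # the full chain is validated. For a certificate issued by a private CA,
  # point ca_file at that CA's root certificate so the chain of trust can be
  # established. An expired or invalid certificate anywhere in the chain now
  # makes the probe fail instead of being silently accepted.
  http_2xx_private_ca:
    prober: http
    timeout: 5s
    http:
      fail_if_not_ssl: true
      tls_config:
        ca_file: /path/to/private-ca-root.pem   # placeholder path
```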
