this post was submitted on 30 Jan 2025
333 points (99.4% liked)

Selfhosted

60587 readers
1246 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

I think it's a good idea, everyone should be automating this anyway.

you are viewing a single comment's thread
view the rest of the comments
[–] Ebby@lemmy.ssba.com 123 points 1 year ago (3 children)

Those emails have warned me something was pooched in advance many times. I do find them useful.

Sad to see them go, but nice they mention an alternative.

[–] themoonisacheese@sh.itjust.works 27 points 1 year ago (1 children)

Pretty much all monitoring solutions on the market track cert expiration nowadays. I get an alert when any of my certs have <5 days left

[–] a_fancy_kiwi@lemmy.world 5 points 1 year ago (3 children)

What monitoring solution do you use? I need to set something up for my own projects but haven't gotten around to it. Any experience with Nagios?

I set up uptime kuma to also monitor certs this week when I got the reminder email about them stopping the email warnings, been using it for some time for uptime monitoring (mostly to see if some auto docker image update screws up my services) and the notification parts has worked nicely for that, so I’m also assuming it will work nicely for the certificates

I use NewRelic myself. They are software agnostic and only connect to your URL to get the expiration date.

If you set up LE correctly, it should never get an alert. I haven't been alerted since I set it up, to the point that I wonder if I set up the monitor correctly.

The only thing I wish it could do is use custom ports. I have some services running on non standard ports.

[–] Getting6409@lemm.ee 1 points 1 year ago

If you have the time to spare (a few weeks perhaps, if coming from zero) to experiment and read, Prometheus and Grafana offers a lot and can be really flexible. I use a pretty simple bash script that scrapes my desired https endpoints and writes out the results to a file Prometheus (node-exporter) understands, and from there I can write alert rules in Grafana to fire off notices by email or slack.

I’ve mainly gotten false positives, myself. When I’ve added another subdomain or something and the certificate gets set up differently, so then you get 2-3 emails saying domain X will expire, but if you connect to the url you see it has 80+ days left. Setting up your own monitoring solution is probably long overdue for myself, and it’s nice I’m getting forced to do it, in a way

[–] humble_pete_digger@lemm.ee 5 points 1 year ago

Setup uptimekuma