It is good practice to separate Nagios checks of your web server being available from checking SSL certificate expiry. The latter need only be run once per day and should not add unnecessary noise to a more immediately important web service failure.
To use check_http
to monitor SSL certificate expiry dates, first ensure you have a daily service definition – let’s call this service-daily
. Now create two service commands as follows:
define command{ command_name check_cert command_line /usr/lib/nagios/plugins/check_http -S \ -I $HOSTADDRESS$ -w 5 -c 10 -p $ARG1$ -C $ARG2$ } define command{ command_name check_named_cert command_line /usr/lib/nagios/plugins/check_http -S \ -I $ARG3$ -w 5 -c 10 -p $ARG1$ -C $ARG2$ }
The second is useful for checking named certificates on additional IP addresses on web servers serving multiple SSL domains.
We can use these to check SSL certificates for POP3, IMAP, SMTP and HTTP:
define service{ use service-daily host_name mailserver service_description POP3 SSL Certificate check_command check_cert!993!21 } define service{ use service-daily host_name mailserver service_description IMAP SSL Certificate check_command check_cert!995!21 } define service{ use service-daily host_name mailserver service_description SMPT SSL Certificate check_command check_cert!465!21 } define service{ use service-daily host_name webserver service_description SSL Cert: www.example.com check_command check_named_cert!443!21!www.example.com } define service{ use service-daily host_name webserver service_description SSL Cert: www.example.net check_command check_named_cert!443!21!www.example.net }