That rant sounds like me some years and years ago.

I don't mind if the protocol is FUBAR. It works for me and it works for an awful lot of people. And it encrypts the web.

Before that, it was manually re-creating a cert, faffing with chains (converting formats and dealing with bad documentation) and updating the production servers manually. It was a royal PITFA.

Don't forget to set a calendar reminder for the next year's renewal.

Or better, an alert to check the cert is still valid.

You don't want an alert to check the cert is still valid, that's how you get outages. It's an alert to check the cert has at least 2 weeks or more life left in it! (So it either fires ideally before you leave for that long vacation, or so that you can still take care of it when you get back.)

But also check it’s still valid, because revocations.

This is all built in very nicely to https://github.com/prometheus/blackbox_exporter - Though they could use a blazing red link to an example rules file.
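An example rules file of the kind asked for above, added here rather than taken from the blackbox_exporter project: one rule fires when the probed endpoint's certificate has less than two weeks left (using the `probe_ssl_earliest_cert_expiry` metric blackbox_exporter exposes), and a second fires when the probe itself fails, which covers a certificate that is already invalid or rejected during the TLS handshake. The job name, the probed hostname and the `for` durations are assumed values; note that blackbox_exporter does not perform revocation checking, so a revoked-but-unexpired cert is not caught by these rules.

```yaml
# Prometheus alerting rules for TLS endpoints probed via blackbox_exporter.
# Assumes a scrape job named "blackbox-https" that probes https://example.com
# with an http module configured for TLS (hypothetical names).
groups:
  - name: tls-certificates
    rules:
      # Warn with enough lead time to renew before a long absence:
      # probe_ssl_earliest_cert_expiry is a Unix timestamp (seconds),
      # so subtracting time() gives seconds of life left in the chain's
      # soonest-expiring certificate. 14 days = 14 * 24 * 3600 seconds.
      - alert: TLSCertExpiresWithin14Days
        expr: probe_ssl_earliest_cert_expiry{job="blackbox-https"} - time() < 14 * 24 * 3600
        for: 1h
        labels:
          severity: warning
        annotations:
          summary: "TLS certificate for {{ $labels.instance }} expires in under 14 days"
          description: "Renew before expiry; remaining seconds: {{ $value | printf \"%.0f\" }}"

      # Escalate when the cert is about to expire: 3 days left.
      - alert: TLSCertExpiresWithin3Days
        expr: probe_ssl_earliest_cert_expiry{job="blackbox-https"} - time() < 3 * 24 * 3600
        for: 10m
        labels:
          severity: critical
        annotations:
          summary: "TLS certificate for {{ $labels.instance }} expires in under 3 days"

      # The "is it still valid right now" check: if the probe fails
      # (expired cert, untrusted chain, handshake error, endpoint down),
      # probe_success is 0. This is the outage-style alert, kept separate
      # from the lead-time alerts above.
      - alert: TLSProbeFailing
        expr: probe_success{job="blackbox-https"} == 0
        for: 5m
        labels:
          severity: critical
        annotations:
          summary: "HTTPS probe of {{ $labels.instance }} is failing"
          description: "Check certificate validity and chain; probe has failed for 5 minutes"
```

Load the file via the `rule_files` entry in prometheus.yml and validate it with `promtool check rules` before deploying.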