Show HN: Free Certificate Monitoring via RSS

Cool! I have a strange affinity for RSS and created* a small plugin to subscribe to feeds within Event-Driven Ansible** and run actions on new feed posts. I didn&#x27;t create it with specific utility in mind, certificate monitoring via RSS fits right in there - much to my surprise.<p>* - <a href="https:&#x2F;&#x2F;github.com&#x2F;cloin&#x2F;cloin.eda&#x2F;blob&#x2F;main&#x2F;docs&#x2F;rss.rst">https:&#x2F;&#x2F;github.com&#x2F;cloin&#x2F;cloin.eda&#x2F;blob&#x2F;main&#x2F;docs&#x2F;rss.rst</a><p>** - <a href="https:&#x2F;&#x2F;github.com&#x2F;ansible&#x2F;ansible-rulebook">https:&#x2F;&#x2F;github.com&#x2F;ansible&#x2F;ansible-rulebook</a>

Neat!<p>Recently my Synology NAS failed to automatically renew its Let&#x27;s Encrypt certificate for my domain name and the certificate expired on my blog. I caught it the next day when my GoAccess metrics cratered (took some time to figure out since I normally use the QuickConnect domain name myself, whose certificate was fine), but it could&#x27;ve stayed broken for a very long time otherwise without me noticing.<p>You got yourself a subscriber.

Love the concept! It&#x27;d be cool if it was self-hostable, it&#x27;d be nice for monitoring certs in my homelab.

You monitor for the failures ($currentDate &gt; $cert.NotAfter), great.<p>What about soft failures, like connection problems? What if the cert is available but actually garbage? What if between 30 and 7 days the cert is changed?<p>And no, not checking FQDN against SAN is...<p>And finally, who monitors the monitoring?

Fantastic. I love when someone stitches existing tools to solve a problem in a novel and elegant way.

For transparency monitoring there&#x27;s also <a href="https:&#x2F;&#x2F;crt.sh&#x2F;?q=news.ycombinator.com" rel="nofollow">https:&#x2F;&#x2F;crt.sh&#x2F;?q=news.ycombinator.com</a> which doesn&#x27;t need a login, is free and has RSS support.

Uptime Kuma can also monitor certificate expiration; you can also enable it to show you how many days are left until it expires.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;louislam&#x2F;uptime-kuma">https:&#x2F;&#x2F;github.com&#x2F;louislam&#x2F;uptime-kuma</a>

Hey. Thanks for making this. It really solves this silly use-case I have for certs that I can never get automated management going.<p>I have to submit a change request to get this added to our monitoring platform, and this is just so much simpler.<p>Thank you!

Interesting. Choice of rss is nice because there are already a good number of &quot;convert&#x2F;insert rss into x&quot; tools that can be used to generate other modes of monitoring&#x2F;alerts.

Love it! A parameter to pick which notifications would be appreciated, e.g. I might only want the 1 day in advance.<p>And perhaps also specifying a port, for services not on 443?

I use Nagios to warn on cert expirations. Things should auto renew yes, but this catches the times that they don&#x27;t.

Super neat tool, but given that I use Caddy, that kinda prevents this issue from happening for me. While a monitoring tool is always a good idea, maybe the best long-term solution would be to encourage certificate auto-renewal tools. OTOH, I have only worked with this on a personal level, so maybe there&#x27;s problems with auto-renewal that I haven&#x27;t learned about.

&gt; No guarantees are given, for nothing<p>This is a double negative. Depending on how you interpret the comma, it could mean &quot;guarantees are given for everything.&quot; (Pointing this out in case you intend to protect yourself from liability with this statement.)