From 916ac1af8f2c3df55255b6024932924c1aa5fcd0 Mon Sep 17 00:00:00 2001
From: Yashar Nesabian <nesabian@gmail.com>
Date: Wed, 20 Jan 2021 14:51:23 +0330
Subject: [PATCH] added ssl/tls exporter alert rules

---
 _data/rules.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/_data/rules.yml b/_data/rules.yml
index c60ab90..e6f0774 100644
--- a/_data/rules.yml
+++ b/_data/rules.yml
@@ -1267,6 +1267,28 @@ groups:
                 query: "minio_disk_storage_free_bytes / 1024 / 1024 / 1024 < 10"
                 severity: warning
 
+      - name: SSL/TLS
+        exporters:
+          - name: ssl_exporter
+            doc_url: https://github.com/ribbybibby/ssl_exporter
+            rules: 
+              - name: SSL probe failed
+                description: Failed to fetch SSL information {{ $labels.instance }}
+                query: ssl_probe_success == 0
+                severity: critical
+              - name: OSCP status unknown
+                description: Failed to get the OSCP status {{ $labels.instance }}
+                query: ssl_ocsp_response_status == 2
+                severity: warning
+              - name: SSL revoked
+                description: SSL certificate revoked {{ $labels.instance }}
+                query: ssl_ocsp_response_status == 1
+                severity: critical
+              - name: Certificate expiry (< 7days)
+                description: '{{ $labels.instance }} Certificate is expiring whithin the next 7 days: {{ $value | humanizeDuration }}'
+                query: ssl_verified_cert_not_after{chain_no="0"} - time() < 86400 * 7
+                severity: critical
+
       - name: Juniper
         exporters:
           - name: czerwonk/junos_exporter