From e10edaa8c45a3e9d0a894ccbe4fd23cd0cf94823 Mon Sep 17 00:00:00 2001
From: Panos Rontogiannis <pronto@admin.grnet.gr>
Date: Thu, 5 Jan 2023 12:43:23 +0200
Subject: [PATCH] use last_over_time to make certificate rules less prone to
 flapping

---
 _data/rules.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/_data/rules.yml b/_data/rules.yml
index 024e3fa..49d3e39 100644
--- a/_data/rules.yml
+++ b/_data/rules.yml
@@ -389,15 +389,15 @@ groups:
                 severity: critical
               - name: Blackbox SSL certificate will expire soon
                 description: SSL certificate expires in 30 days
-                query: 'probe_ssl_earliest_cert_expiry - time() < 86400 * 30'
+                query: 'last_over_time(probe_ssl_earliest_cert_expiry[10m]) - time() < 86400 * 30'
                 severity: warning
               - name: Blackbox SSL certificate will expire soon
                 description: SSL certificate expires in 3 days
-                query: 'probe_ssl_earliest_cert_expiry - time() < 86400 * 3'
+                query: 'last_over_time(probe_ssl_earliest_cert_expiry[10m]) - time() < 86400 * 3'
                 severity: critical
               - name: Blackbox SSL certificate expired
                 description: SSL certificate has expired already
-                query: 'probe_ssl_earliest_cert_expiry - time() <= 0'
+                query: 'last_over_time(probe_ssl_earliest_cert_expiry[10m]) - time() <= 0'
                 severity: critical
                 comments: |
                   For probe_ssl_earliest_cert_expiry to be exposed after expiration, you