
Show HN: SSL certificate dashboard - Jens_
https://github.com/JensDebergh/certificate-dashboard
======
koolba
A better approach is to have an automated alert for certificates that are
expiring soon (next X days) then sending out an alert. Or even better, switch
to automatically rotating certs on a regular basis via letsencrypt.

Rotating certs is like restoring backups, if you only do it when shit hits the
fan (server crashed or cert expired), you're doing it wrong.

~~~
y0ghur7_xxx
> Rotating certs is like restoring backups, if you only do it when shit hits
> the fan (server crashed or cert expired), you're doing it wrong.

you restore backups even if the server is still ok? why?!

~~~
mattkirman
How do you know if your backups are good? Better to test a restore when
everything is still working fine rather than waiting until you really need it
and then finding out that your backups are broken.

------
centur
these 2 dashboards have a lot of in common...

[https://github.com/JensDebergh/certificate-
dashboard](https://github.com/JensDebergh/certificate-dashboard)
[https://github.com/cmrunton/tls-dashboard](https://github.com/cmrunton/tls-
dashboard)

~~~
Jens_
You are right its the exact same dashboard. I never said it was original. I've
used the static version of crumtons project and turned it into a configurable
webservice. While doing so I copied and modified code from the original
project, wrote some tests and published it as is.

I didn't remember the name of the original author/project, until someone
linked me towards the github page. Since then I've added a proper link.

It was never my intend to steal copyrighted material. I just wanted it to be
done how I thought it should be done.

~~~
craine
Hi Jens_. I'm the one who wrote the TLS certificate dashboard that the other
posters are referring to here. While I don't mind people forking the dashboard
I made and modifying it for their own purposes (that's why I put it up on GH
after all), I do mind when proper credit isn't given for the work that I've
done. I'm not interested in starting a war of words on the Internet, so all
I'll say at this point is that I appreciate that you've updated your readme
with a link to my project and added the license to your repo. Have a great
day.

------
joshmn
I spent a weekend building a certificate dashboard right into Calendar.app.
The front-end may not be React and the back-end definitely isn't written in
Go, but it works really well. I didn't even need to install Redis or another
NoSQL database. The CRUD is outstanding and the search support is great, even
if its not based on Solr.

I ported my solution to both Google Calendar and whatever that thing is that
would be the Microsoft equivalent. Full mobile support, entirely cross-
platform. You can even use it on someone else's computer I mean cloud.

------
biot
This is easy to do with Nagios and the check_http plugin, and Nagios is then
your dashboard for not just SSL expiration but every other service you are (or
should be) monitoring as well.

~~~
vacri
Simple if you already have Nagios set up and running... far from simple if you
haven't.

Though someone here posted a video a couple of years ago where the speaker was
imploring "Stop using Nagios [it's terrible]". At the end, someone asked him
what they should use instead, to which the speaker didn't have an answer (his
tool that he was speaking about was still in development)

Edit: but yes, you're right in that the important thing is that the tool will
alert you without you having to remember to check it.

------
i_have_to_speak
Here's a command-line one written in Go: [https://www.opsdash.com/blog/check-
ssl-certificate.html](https://www.opsdash.com/blog/check-ssl-certificate.html)

~~~
stevekemp
If you clone my sysadmin utilities, from here:

[https://github.com/skx/sysadmin-util](https://github.com/skx/sysadmin-util)

You'll find:

    
    
         $ ssl-expiry-date bbc.co.uk
         bbc.co.uk
            Expires: Mar 15 17:01:06 2017 GMT
            Days: 289
    

That uses openssl, bash, and other standard facilities available upon
Unix/Linux systems.

------
ajclark
Very cool! We use Jenkins to check when our SSL certificates are approaching
30 days until expiration. A simple call to openssl(1) works great!

Good stuff!

