Type: ssl_cert | Runner: Dashboard
Opens a TLS connection to one or more hostnames and reads the certificate expiry date. Alerts in advance when certificates are approaching expiry.
fail_days thresholdwarn_days threshold| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
hosts |
URL multiselect | Yes | — | Select the client URLs to check. The hostname is extracted from each URL for the TLS handshake. |
port |
number | No | 443 |
TCP port for the TLS connection |
warn_days |
number | No | 14 |
Warn if any certificate expires within this many days (inclusive) |
fail_days |
number | No | 3 |
Fail if any certificate expires within this many days (inclusive). Must be less than warn_days. |
timeout |
number | No | 10 |
Connection timeout in seconds |
allow_self_signed |
checkbox | No | false |
Accept self-signed and internal-CA certificates. Enable for internal services. |
| Status | Condition |
|---|---|
| OK | All certificates are valid and expire beyond warn_days |
| Warn | At least one certificate expires within warn_days but not within fail_days |
| Fail | At least one certificate expires within fail_days or has already expired |
| Fail | TLS handshake fails (invalid cert, connection error) |
| Unknown | No hosts configured |
When multiple hosts are configured, the overall status is the worst of all individual results. The message lists all problem hosts; OK hosts are counted (N OK).
allow_self_signed.