Hyperjump Tech
Published in

Hyperjump Tech

Forgot to renew the TLS certificates? Monika will remind you from now on

Photo by Markus Winkler on Unsplash

What is the thing that makes you open your eyes quickly when you just woke up? The smell of breakfast in bed? Your loud neighbor mowing the lawn in the morning? Knowing that the weekend has come? Or a notification from your boss saying that he couldn’t open the website because of some error called ERR_CERT_DATE_INVALID and says that your website is not secure? For me, it’s the weekend, no doubt. But for some people, it’s the expired TLS certificate that causes your website couldn’t be accessed.

Turns out that the automatic CRON job that’s supposed to renew your Let’s Encrypt certificates isn’t working. You made sure that you’ve read that Digital Ocean tutorial thoroughly. “I think I already did the right thing according to the tutorial, but why?” said yourself in confusion. But it’s not the right time to wonder why it happens, it’s time to renew the certificates. You run a single command to renew it, and voila. Everything is back to normal.

Sure, the story above rarely happens if your CRON job never fails. But systems are meant to be broken because it is created by humans, and to err is human. So, let’s be safe rather than sorry by using Monika as your reminder if your TLS certificate has expired.

Using Monika as your soon-to-be-expired-TLS certificate reminder

New kid on the block? Let me tell you about Monika first. Monika is an open-source and free synthetic monitoring command-line application. The name Monika stands for “Monitoring Berkala”, which means “periodic monitoring” in the Indonesian language.

With Monika, you can add as many websites as you want to monitor. You can monitor several undesirable events such as service outages or slow services. In addition, you can configure Monika to send notifications of the incidents on your services through your favorite communication tools like SMTP mail, Telegram, WhatsApp (It’s free!), etc.

Without further ado, let’s get started. First, make sure you have installed Monika by running npm install -g @hyperjumptech/monika if you’re using NPM, but you can download the prebuilt binary from our release page if you prefer to.

We’re going to be using https://github.com as a good TLS certificate example and https://expired.badssl.com as a bad TLS certificate example.

Let’s breakdown the basic configuration for the TLS checker:

notifications: 
(omitted)...
probes:
(omitted)...
certificate:
domains:
- expired.badssl.com
- domain: github.com
options:
path: '/'
reminder: 30

In the certificate block, there are two keys, which is domains and reminder that you need to specify first. domains is the list of domains you want to check. You can put your domain as an entry or you can use a domain object with HTTPS request options, which you can read all available options in the Node documentation. reminder is the number of days to send a notification before the TLS certificate expires.

If we take a look at the example above, we want to check the TLS certificate expiry for https://expired.badssl.com and https://github.com with specific path ‘/’, and we want to be reminded if our certificate is going to be expired in 30 days.

With that said, let’s create a new configuration and save it as monika.yml in your local disk:

In the configuration above, we want to monitor our website's performance and the TLS certificate expiry. Now that we have our configuration ready, it’s time to run it with Monika. Go to the directory where you saved the Monika configuration, and run Monika straight away using monika -c monika.yml

Up and running!

When you run Monika with TLS checking, Monika will first check if the TLS certificate is still valid or not, and will tell you that Monika will check the TLS certificate every day at 00:00. If there is any certificate that is going to be expired or already expired, it will send you a notification through your notification channels. So if you have set up an SMTP notification channel, you will get notifications straight to your email.

Congratulations! Now that you have successfully monitored your website performance, you will be notified if your TLS certificate has expired!

Closing

TLS certificate is important because you cannot serve your website using HTTPS without them. And if you’re not using HTTPS, chances are eavesdroppers and hackers are able to see what you transmit which is particularly useful for private and sensitive information.

With Monika, you don’t have to worry about expiring TLS certificates anymore. Not that only you have prevented your TLS certificate from being expired, you also monitored your website performance. Hitting two birds with one stone.

If you’re having a problem with using Monika, don’t hesitate to create an issue on Monika’s Github Issue Page. If you like this article, don’t forget to clap and share this article with your friends!

Now that October is almost ending, this year’s Hacktoberfest will come to an end as well. Feel free to contribute to Monika this month by helping us resolve open issues with the “hacktoberfest” label on it.

That’s it for today, see you next time!

Hyperjump is an open-source-first company providing engineering excellence service. We aim to build and commercialize open-source tools to help companies streamline, simplify, and secure the most important aspects of its modern DevOps practices.

--

--

--

Open source first. Cloud native. DevOps excellence.

Recommended from Medium

Agile vs Classic Project Management Principles

How to get Classic Widgets back in WordPress 5.8

How to get Classic Widgets back in WordPress 5.8

Unable to Complete Testing in the Sprint

Export users from Amazon Cognito User Pool

ACA Week 6 — Immutability and Algorithms

Instructions & Data

What it’s like to build and market a chatbot when you’re only 14 years old

The shared files deletion conundrum.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Denny Pradipta

Denny Pradipta

Full-stack developer who loves to explore new technologies. Uses MongoDB, Express, React, and Node daily. Regularly writing for Hyperjump Technologies.

More from Medium

Managing site certificates with NGINX and Certbot

Get your daily summary of your Monika instances using Status Notification

Replace Docker Desktop with Rancher Desktop and Docker daemon on Mac in 5 mins

Listening process and ports on Mac OS