Oct 27, 2021
Forgot to renew the TLS certificates? Monika will remind you from now on
What is the thing that makes you open your eyes quickly when you just woke up? The smell of breakfast in bed? Your loud neighbor mowing the lawn in the morning? Knowing that the weekend has come? Or a notification from your boss saying that he couldn’t open the website because of some error called ERR_CERT_DATE_INVALID and says that your website is not secure? For me, it’s the weekend, no doubt. But for some people, it’s the expired TLS certificate that causes your website couldn’t be accessed.
Turns out that the automatic CRON job that’s supposed to renew your Let’s Encrypt certificates isn’t working. You made sure that you’ve read that Digital Ocean tutorial thoroughly. “I think I already did the right thing according to the tutorial, but why?” said yourself in confusion. But it’s not the right time to wonder why it happens, it’s time to renew the certificates. You run a single command to renew it, and voila. Everything is back to normal.
Sure, the story above rarely happens if your CRON job never fails. But systems are meant to be broken because it is created by humans, and to err is human. So, let’s be safe rather than sorry by using Monika as your reminder if your TLS certificate has expired.
Using Monika as your soon-to-be-expired-TLS certificate reminder
New kid on the block? Let me tell you about Monika first. Monika is an open-source and free synthetic monitoring command-line application. The name Monika stands for “Monitoring Berkala”, which means “periodic monitoring” in the Indonesian language.
With Monika, you can add as many websites as you want to monitor. You can monitor several undesirable events such as service outages or slow services. In addition, you can configure Monika to send notifications of the incidents on your services through your favorite communication tools like SMTP mail, Telegram, WhatsApp (It’s free!), etc.
Without further ado, let’s get started. First, make sure you have installed Monika by running npm install -g @hyperjumptech/monika if you’re using NPM, but you can download the prebuilt binary from our release page if you prefer to.
We’re going to be using https://github.com as a good TLS certificate example and https://expired.badssl.com as a bad TLS certificate example.
Let’s breakdown the basic configuration for the TLS checker:
notifications:
(omitted)...
probes:
(omitted)...
certificate:
domains:
- expired.badssl.com
- domain: github.com
options:
path: '/'
reminder: 30In the certificate block, there are two keys, which is domains and reminder that you need to specify first. domains is the list of domains you want to check. You can put your domain as an entry or you can use a domain object with HTTPS request options, which you can read all available options in the Node documentation. reminder is the number of days to send a notification before the TLS certificate expires.
If we take a look at the example above, we want to check the TLS certificate expiry for https://expired.badssl.com and https://github.com with specific path ‘/’, and we want to be reminded if our certificate is going to be expired in 30 days.
With that said, let’s create a new configuration and save it as monika.yml in your local disk:
In the configuration above, we want to monitor our website's performance and the TLS certificate expiry. Now that we have our configuration ready, it’s time to run it with Monika. Go to the directory where you saved the Monika configuration, and run Monika straight away using monika -c monika.yml
When you run Monika with TLS checking, Monika will first check if the TLS certificate is still valid or not, and will tell you that Monika will check the TLS certificate every day at 00:00. If there is any certificate that is going to be expired or already expired, it will send you a notification through your notification channels. So if you have set up an SMTP notification channel, you will get notifications straight to your email.
Congratulations! Now that you have successfully monitored your website performance, you will be notified if your TLS certificate has expired!
Closing
TLS certificate is important because you cannot serve your website using HTTPS without them. And if you’re not using HTTPS, chances are eavesdroppers and hackers are able to see what you transmit which is particularly useful for private and sensitive information.
With Monika, you don’t have to worry about expiring TLS certificates anymore. Not that only you have prevented your TLS certificate from being expired, you also monitored your website performance. Hitting two birds with one stone.
If you’re having a problem with using Monika, don’t hesitate to create an issue on Monika’s Github Issue Page. If you like this article, don’t forget to clap and share this article with your friends!
Now that October is almost ending, this year’s Hacktoberfest will come to an end as well. Feel free to contribute to Monika this month by helping us resolve open issues with the “hacktoberfest” label on it.
That’s it for today, see you next time!
Hyperjump is an open-source-first company providing engineering excellence service. We aim to build and commercialize open-source tools to help companies streamline, simplify, and secure the most important aspects of its modern DevOps practices.
