custom ssl certificate monitoring with zabbix

description

we are all supposed to use the official thing, right? however, it is awful to handle multiple ssl endpoints at once, and it requires zabbix server v7.4 for that matter.

custom ssl monitoring #1

agent setup

on the zabbix agent2

cd /etc/zabbix/
vi ssldomains

some.domain.tld
another.domain.tld

cd /etc/zabbix/
vi ssl.bash

#!/bin/bash
domains=`cat /etc/zabbix/ssldomains`
echo -n '{"data":['
for domain in $domains; do
    # all records as one line to catch the trailing comma
    echo -n "{\"{#SSLDOMAIN}\":\"$domain\"},"
done | sed 's/,$//'; unset domain
echo ']}'

chmod +x ssl.bash

cd /etc/zabbix/zabbix_agent2.d/plugins.d/
vi ssl.conf
UserParameter=ssl.discovery,/etc/zabbix/ssl.bash

template

import https://github.com/marcpope/zabbix-multisslperhost/blob/main/zbx_ssl_template.yaml

name: SSLCheckCustom
template groups: templates/applications
descr: https://github.com/marcpope/zabbix-multisslperhost

custom ssl monitoring #2

agent setup

on the zabbix agent2

wget https://github.com/szazeski/checkssl/releases/download/v0.5.0/checkssl_0.5.0_$(uname -s)_$(uname -m).tar.gz \
-O checkssl.tar.gz
tar -xf checkssl.tar.gz
rm -f README.md LICENSE
mv -i checkssl /usr/local/bin/
chmod +x /usr/local/bin/checkssl

cd /etc/zabbix/
vi zabbix_agent2.conf

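AllowKey=system.run[*]

note this key pattern lets the zabbix server run any command on this host as the agent user, not only the wrapper below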

cd /etc/zabbix/
vi wrapper-checkssl

#!/bin/bash
# require a domain argument
[[ -z $1 ]] && echo "domain?" && exit 1
# quote the argument so it reaches checkssl as a single word
/usr/local/bin/checkssl -days=5 -no-color "$1"

chmod +x wrapper-checkssl

cd /etc/zabbix/zabbix_agent2.d/plugins.d/
vi ssl2.conf
UserParameter=ssl2.discovery,/etc/zabbix/ssl.bash

note we’re pointing to the same domain listing script as above

template

name: checkssl
template groups: templates/applications
descr: https://www.checkssl.org/

discovery rules

name: checkssl-discovery
key: ssl2.discovery
update interval: 10m
storage period: 90d

item prototypes

name: checkssl {#SSLDOMAIN}
key: system.run[/etc/zabbix/wrapper-checkssl {#SSLDOMAIN}]
type: text
update interval: 1m
storage period: 90d
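
an added example, not part of the original page or of the zabbix or checkssl projects: the discovery and wrapper scripts from above combined with a hostname check, so that only plain dns names from ssldomains end up in {#SSLDOMAIN} (and therefore in the system.run command line, which the agent hands to a shell), and so that the wrapper never passes a value starting with '-' to checkssl. the function names and the discovery/check subcommands are assumptions; the paths and checkssl flags are the ones used above.

```bash
#!/bin/bash
# constructed example: hostname-validated discovery + wrapper in one script

# succeed only for a plain dns name: letters, digits, dots, hyphens.
# conservative on purpose: rejects ports, wildcards, spaces, shell
# metacharacters and a leading '-' (which checkssl would read as a flag).
is_hostname() (
    LC_ALL=C h=${1:-}
    case "$h" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*-|*..*|*.-*|*-.*) exit 1 ;;
    esac
    [ "${#h}" -le 253 ]
)

# print zabbix lld json for the valid names in file $1
# (first word of each line; blank, comment and invalid lines are skipped)
discovery_json() (
    sep=''
    printf '{"data":['
    while read -r d _rest || [ -n "$d" ]; do
        is_hostname "$d" || continue
        printf '%s{"{#SSLDOMAIN}":"%s"}' "$sep" "$d"
        sep=','
    done < "$1"
    printf ']}\n'
)

# run checkssl on $1 only if it is a valid name; the argument stays quoted
run_check() {
    is_hostname "${1:-}" || { echo "rejected: not a plain dns name" >&2; return 2; }
    /usr/local/bin/checkssl -days=5 -no-color "$1"
}

# hypothetical subcommands: "discovery [file]" and "check <domain>"
case "${1:-}" in
    discovery) discovery_json "${2:-/etc/zabbix/ssldomains}" ;;
    check)     run_check "${2:-}" ;;
esac
```

the validation in discovery is what keeps shell metacharacters out of the item key; the check in the wrapper only protects checkssl's own argument parsing.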

resources

https://support.zabbix.com/browse/ZBX-22090 ==> import msg no worries

the official thing

https://www.zabbix.com/integrations/ssl

https://www.zabbix.com/documentation/current/en/manual/guides/monitor_certificate

https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates/app/certificate_agent2

https://blog.zabbix.com/handy-tips-9-native-ssl-tls-certificate-monitoring/17463/

alternatives

https://github.com/marcpope/zabbix-multisslperhost ==> used above for #1 - works but only checks expiration

https://github.com/a-schild/zabbix-ssl ==> outdated and briefly tested (template doesn't seem to work)

https://github.com/Cybertinus/zabbix-ssl-check

https://gist.github.com/Abdukosim/3329745108a9a571ff64fc76ba75257b ==> only expiration time


agent scripts

https://www.zabbix.com/documentation/current/en/manual/config/items/userparameters

https://www.zabbix.com/documentation/current/en/manual/config/items/restrict_checks

https://www.zabbix.com/documentation/current/en/manual/config/items/itemtypes/zabbix_agent/zabbix_agent2

https://www.zabbix.com/documentation/current/en/manual/config/items/itemtypes/zabbix_agent#system.run

https://www.zabbix.com/documentation/6.0/en/manual/web_interface/frontend_sections/administration/scripts

https://sbcode.net/zabbix/system-run/


Copyright © 2024 Pierre-Philipp Braun