(DC) Renewal Reminder Tools
Description
This page provides some background and a list of tools that can be used to help server administrators not lose track of when their SSL certificates are going to expire which causes services that rely on them to go down.
Never rely on a single method, as the phrase "don't put all your eggs in one basket...". Instead diversify your methods of tracking the SSL certificates for your services to ensure they do not expire.
Best Option
Utilizing software automation tools available to everyone, you can have a script that will automatically renew a SSL certificate, fetch it, and install it on your server.
There are various solutions that can perform these tasks that are both commercial ($$$) and free (open-source) that require some reading and setting up on your service/server.
Tools available to ITS Customers
If your service is hosted on the F5 Load Balancer (aka Application Delivery Service) and have the SSL certificate for your services hosted by the F5, the process is automatic, nothing you need to do other than let the team know if the service is discontinued.
Ask for your website to be monitored by the Web Application Monitoring service (ThousandEyes). Request very simple up / down status with SSL certificate expiration check. Request the test be set to the highest monitoring interval (1 hour). You can received alerts via email, Splunk or Text messages (email to SMS).
Ansible Automation Platform - this is a automation tool that uses playbooks to monitor SSL certificates and complete the process of requesting, obtaining, and installing new certificates. This tool requires that you understand your service and the SSL certificate maintenance procedures that this tool can automate.
Third-party Reminder Tools
PLEASE NOTE: Providing this list of tools is not considered an endorsement or recognition in any official capacity, and are only provided as suggestions.
🔐 SSL Certificate Expiration Alerts
https://alerts.httpscop.com/
This site allows you to enter a domain or FQDN and it will send you an email alert 14-days in advanced. A very simple and uncomplicated solution. (https://alerts.httpscop.com/#catch)
If you have docker and development skills, you can try out the following open-source projects:
https://keychest.net/
The free ("personal") registration of this service, allows the monitoring for up to one hundred (100) endpoints.
https://app.remindax.com/signup OR https://uptimerobot.com/pricing/
These sites advertised free sign-up and free monitoring (50 endpoints) forever, no expiring trials, etc..
https://letsmonitor.org/
Untested to the number of monitors allowed, but at the moment it seems unlimited.
A Microsoft Windows tool, might be useful: https://techcommunity.microsoft.com/t5/skype-for-business-blog/certificate-expiration-alerting/ba-p/620216
Other monitoring sites:
Other Suggestions
Implement a calendar alert within your favorite calendaring system on your computer, smartphone, or tablet. Determine when your SSL certificate expires (see this article) and then set an alert 1 month in advance to start the request and process of renewing the certificate, receiving it and installing it.