mCert
SSL certificate monitoring with Slack/email alerts & Telegram
mCert
mCert is a comprehensive SSL certificate monitoring tool that provides proactive alerts for certificate expiration, security issues, and configuration problems. With support for Slack, email, and Telegram notifications, mCert ensures you never miss a certificate renewal deadline.
Overview
SSL certificate management is critical for maintaining secure web services. mCert automates the monitoring process, providing:
- Expiration Monitoring: Track certificate validity periods
- Multi-Channel Alerts: Slack, email, and Telegram notifications
- Security Scanning: Detect weak ciphers and vulnerabilities
- Bulk Monitoring: Monitor hundreds of certificates simultaneously
- Automated Reporting: Generate compliance and status reports
Features
🔍 Certificate Monitoring
- Real-time expiration tracking
- Multiple certificate format support (PEM, DER, PKCS#12)
- Wildcard and SAN certificate support
- Certificate chain validation
📱 Notification Channels
- Slack Integration: Rich notifications with status indicators
- Email Alerts: Detailed reports with certificate details
- Telegram Bot: Instant notifications with inline keyboards
- Webhook Support: Custom integrations via HTTP webhooks
🛡️ Security Analysis
- Cipher strength analysis
- Protocol version detection
- Certificate authority validation
- Vulnerability scanning
Installation
Docker Installation (Recommended)
# Pull the latest image
docker pull harrythedevopsguy/mcert:latest
# Run with configuration
docker run -d \
--name mcert \
-v $(pwd)/config:/app/config \
-v $(pwd)/logs:/app/logs \
harrythedevopsguy/mcert:latest
Python Installation
# Clone repository
git clone https://github.com/HarryTheDevOpsGuy/mCert.git
cd mCert
# Create virtual environment
python -m venv venv
source venv/bin/activate
# Install dependencies
pip install -r requirements.txt
# Install mCert
pip install -e .
Binary Installation
# Download latest release
wget https://github.com/HarryTheDevOpsGuy/mCert/releases/latest/download/mcert-linux-amd64.tar.gz
# Extract and install
tar -xzf mcert-linux-amd64.tar.gz
sudo mv mcert /usr/local/bin/
sudo chmod +x /usr/local/bin/mcert
Configuration
Basic Configuration
Create a mcert.yml configuration file:
# Global settings
global:
check_interval: 3600 # Check every hour
alert_days: [30, 14, 7, 1] # Alert at these days before expiration
timezone: "UTC"
# Certificate monitoring
certificates:
- name: "Production Web Server"
hostname: "example.com"
port: 443
alert_days: [30, 14, 7, 1]
- name: "API Gateway"
hostname: "api.example.com"
port: 443
alert_days: [30, 7, 1]
- name: "Internal Service"
hostname: "internal.example.com"
port: 443
alert_days: [14, 7, 1]
ignore_ssl_errors: true
# Notification channels
notifications:
slack:
enabled: true
webhook_url: "${SLACK_WEBHOOK_URL}"
channel: "#security-alerts"
username: "mCert Bot"
icon_emoji: ":lock:"
email:
enabled: true
smtp_server: "smtp.gmail.com"
smtp_port: 587
username: "${EMAIL_USERNAME}"
password: "${EMAIL_PASSWORD}"
from_address: "mcert@company.com"
to_addresses:
- "security@company.com"
- "devops@company.com"
telegram:
enabled: true
bot_token: "${TELEGRAM_BOT_TOKEN}"
chat_id: "${TELEGRAM_CHAT_ID}"
webhook:
enabled: true
url: "https://your-webhook.com/certificate-alerts"
headers:
Authorization: "Bearer ${WEBHOOK_TOKEN}"
Environment Variables
# Slack Configuration
export SLACK_WEBHOOK_URL="https://hooks.slack.com/services/..."
# Email Configuration
export EMAIL_USERNAME="mcert@company.com"
export EMAIL_PASSWORD="your-app-password"
# Telegram Configuration
export TELEGRAM_BOT_TOKEN="123456789:ABCdefGHIjklMNOpqrsTUVwxyz"
export TELEGRAM_CHAT_ID="-1001234567890"
# Webhook Configuration
export WEBHOOK_TOKEN="your-webhook-token"
Usage
Command Line Interface
# Check all certificates
mcert check
# Check specific certificate
mcert check --hostname example.com --port 443
# Check with custom alert days
mcert check --alert-days 30,14,7,1
# Generate report
mcert report --format html --output certificates-report.html
# Start monitoring daemon
mcert daemon --config mcert.yml
# Test notifications
mcert test-notifications
Python API
from mcert import CertificateMonitor, NotificationManager
# Initialize monitor
monitor = CertificateMonitor(config_file='mcert.yml')
# Check single certificate
cert_info = monitor.check_certificate('example.com', 443)
print(f"Certificate expires: {cert_info.expiry_date}")
# Check all certificates
results = monitor.check_all_certificates()
# Send custom notification
notifier = NotificationManager(config_file='mcert.yml')
notifier.send_alert(
certificate='example.com',
days_remaining=7,
message='Certificate expires in 7 days!'
)
Notification Examples
Slack Notification
{
"text": "🔒 SSL Certificate Alert",
"attachments": [
{
"color": "warning",
"fields": [
{
"title": "Certificate",
"value": "example.com",
"short": true
},
{
"title": "Days Remaining",
"value": "7",
"short": true
},
{
"title": "Expiry Date",
"value": "2024-02-15 10:30:00 UTC",
"short": false
}
]
}
]
}
Email Template
<!DOCTYPE html>
<html>
<head>
<title>SSL Certificate Alert</title>
</head>
<body>
<h2>🔒 SSL Certificate Expiration Alert</h2>
<div style="background-color: #fff3cd; padding: 15px; border-radius: 5px;">
<h3>Certificate Details</h3>
<ul>
<li><strong>Hostname:</strong> example.com</li>
<li><strong>Days Remaining:</strong> 7</li>
<li><strong>Expiry Date:</strong> 2024-02-15 10:30:00 UTC</li>
<li><strong>Issuer:</strong> Let's Encrypt Authority X3</li>
</ul>
</div>
<p>Please renew this certificate as soon as possible to avoid service disruption.</p>
</body>
</html>
Telegram Message
def send_telegram_alert(certificate, days_remaining):
message = f"""
🔒 *SSL Certificate Alert*
*Certificate:* {certificate}
*Days Remaining:* {days_remaining}
*Status:* ⚠️ Expiring Soon
Please renew this certificate to avoid service disruption.
"""
keyboard = [
[{"text": "View Certificate", "url": f"https://www.ssllabs.com/ssltest/analyze.html?d={certificate}"}],
[{"text": "Renew Now", "callback_data": f"renew_{certificate}"}]
]
return {
"text": message,
"parse_mode": "Markdown",
"reply_markup": {"inline_keyboard": keyboard}
}
Advanced Features
Bulk Certificate Import
# Import from CSV
certificates:
- import_from: "certificates.csv"
columns:
name: "Certificate Name"
hostname: "Domain"
port: "Port"
alert_days: "Alert Days"
Custom Health Checks
def custom_health_check(certificate_info):
"""Custom health check function"""
# Check certificate strength
if certificate_info.key_size < 2048:
return False, "Key size too small"
# Check cipher suites
if 'RC4' in certificate_info.cipher_suites:
return False, "Weak cipher detected"
return True, "Certificate is healthy"
Integration with CI/CD
# GitHub Actions example
name: Certificate Check
on:
schedule:
- cron: '0 9 * * *' # Daily at 9 AM
jobs:
check-certificates:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Check SSL Certificates
run: |
mcert check --config mcert.yml
if [ $? -ne 0 ]; then
echo "Certificate issues detected!"
exit 1
fi
Monitoring and Alerting
Prometheus Metrics
mCert exposes Prometheus metrics for monitoring:
# Metrics endpoint
from prometheus_client import Counter, Histogram, Gauge
certificate_checks = Counter('mcert_certificate_checks_total', 'Total certificate checks')
certificate_expiry_days = Gauge('mcert_certificate_expiry_days', 'Days until certificate expiry', ['hostname'])
check_duration = Histogram('mcert_check_duration_seconds', 'Time spent checking certificates')
Grafana Dashboard
{
"dashboard": {
"title": "SSL Certificate Monitoring",
"panels": [
{
"title": "Certificate Expiry Timeline",
"type": "graph",
"targets": [
{
"expr": "mcert_certificate_expiry_days",
"legendFormat": ""
}
]
}
]
}
}
Troubleshooting
Common Issues
Certificate Check Fails
# Debug certificate connection
mcert check --hostname example.com --port 443 --verbose
# Check SSL/TLS version
openssl s_client -connect example.com:443 -tls1_2
# Verify certificate chain
openssl s_client -connect example.com:443 -showcerts
Notification Delivery Issues
# Test Slack webhook
curl -X POST -H 'Content-type: application/json' \
--data '{"text":"Test message"}' \
$SLACK_WEBHOOK_URL
# Test email configuration
mcert test-email --to test@example.com
# Test Telegram bot
mcert test-telegram
Performance Issues
# Optimize configuration
global:
check_interval: 7200 # Reduce check frequency
max_concurrent_checks: 10 # Limit concurrent checks
timeout: 30 # Set connection timeout
API Reference
REST API
# Start API server
mcert api --port 8080
# Check certificates via API
curl http://localhost:8080/api/v1/certificates
# Get specific certificate status
curl http://localhost:8080/api/v1/certificates/example.com
# Trigger manual check
curl -X POST http://localhost:8080/api/v1/check
Webhook Payload
{
"event": "certificate_expiring",
"timestamp": "2024-01-15T10:30:00Z",
"certificate": {
"hostname": "example.com",
"port": 443,
"expiry_date": "2024-02-15T10:30:00Z",
"days_remaining": 7,
"issuer": "Let's Encrypt Authority X3",
"subject": "CN=example.com"
}
}
Contributing
We welcome contributions! Please see our Contributing Guidelines for details.
Development Setup
# Fork and clone repository
git clone https://github.com/your-username/mCert.git
cd mCert
# Create development environment
python -m venv venv
source venv/bin/activate
# Install development dependencies
pip install -r requirements-dev.txt
# Run tests
pytest tests/
# Run linting
flake8 mcert/
black mcert/
License
This project is licensed under the MIT License - see the LICENSE file for details.
Support
- Documentation: https://harrythedevopsguy.github.io/docs/tools/mcert/
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Email: HarrytheDevOpsGuy@gmail.com
Related Documentation
More from Tools
Architecture Documentation - Jenkins as Code
Comprehensive architecture guide for Jenkins as Code automation framework
Best Practices Guide - Jenkins as Code
Recommended practices for using Jenkins as Code automation framework
DevOps as a Service - Automated CI/CD Management
Transforming Jenkins from a bottleneck to a self-service platform for develop...
JobGenie - Complete Job Creation Guide
Step-by-step guide to creating and configuring Jenkins jobs using JobGenie YA...
JobGenie - Complete Guide
Your friendly Jenkins job generator - Comprehensive guide to JobGenie job gen...
Quick Reference Guide - Jenkins as Code
Quick reference for common tasks and configurations in Jenkins as Code
Jenkins as Code - Complete Setup Guide
Step-by-step guide to set up Jenkins as Code with plugins, access control, an...
Jenkins as Code - Enterprise CI/CD Automation
Complete Jenkins automation framework with Infrastructure as Code, Configurat...
BG Deployer
Automated blue-green deployment for zero-downtime AWS releases
DevOps Tools & Utilities | Hari Prasad
Custom-built DevOps tools for automation, monitoring, deployment, and security
JobGenie Getting Started
Your DevOps Superpower Unleashed - Transform CI/CD with YAML-driven Jenkins j...
JobGenie
Your DevOps Superpower Unleashed - Transform CI/CD with YAML-driven Jenkins j...
mTracker
Real-time Linux user activity monitoring with Slack notifications
mWatcher
Server health monitoring for CPU, memory, disk with alerting
Sample DevOps Tool Documentation
A comprehensive guide to using our sample DevOps tool for automation and moni...
Typography Demo
Demonstration of enhanced typography features in the documentation template
Related Blog Posts
JobGenie: Transform Jenkins Job Creation with Jobs as Code
Learn how to integrate JobGenie into your existing Jenkins instance to create jobs as code using ...
OpenResty Production Setup: Supercharge with Lua-Based Metrics and Monitoring
Complete guide to deploying production-ready OpenResty with advanced Lua-based metrics collection...
KEDA on EKS: Complete Guide to Event-Driven Autoscaling with Real-World Examples
Master KEDA implementation on Amazon EKS with comprehensive examples for multiple scaling scenari...
Related Tools & Projects
BG Deployer
Automated blue-green deployment for zero-downtime AWS releases
mCert
SSL certificate monitoring with Slack/email alerts & Telegram
mTracker
Real-time Linux user activity monitoring with Slack notifications
mWatcher
Server health monitoring for CPU, memory, disk with alerting
gCrypt
Git-crypt wrapper for secure file encryption & access management
Interactive Tools
AWS VPC Designer, EKS Cost Calculator, and more utilities
External Resources
Quick Actions
Found this helpful?
Help us improve this documentation by sharing your feedback or suggesting improvements.