Add New Monitor - Accepted Status Codes

Reply to Add New Monitor - Accepted Status Codes on Thu, 19 Jan 2023 09:04:10 GMT

girish — Thu, 19 Jan 2023 09:04:10 GMT

BTW, if you end up opening upstream for TCPS, you should also tell them to add STARTTLS as an option.

openssl s_client -connect mail.domaincom:25 -showcerts -starttls smtp will help test the cert of a mail server for protocols like sieve, smtp that use starttls.

Reply to Add New Monitor - Accepted Status Codes on Thu, 19 Jan 2023 09:04:20 GMT

girish — Thu, 19 Jan 2023 09:04:20 GMT

In uptime kuma, the cert check is an option of http status check. Technically, the cert check happens before the http request. You would do something like openssl s_client -connect cloudron.io:443 -showcerts .

I see that uptime kuma does not have this cert check as a separate thing and neither is it part of the TCP check type (maybe, you can suggest upstream to add a TCPS type. this will help in checking mail server and other services as well like jabber, matrix maybe).

If the goal is only to check the certs, I would put the HTTP status code range as 100-500 as a workaround since one can safely ignore this....

Reply to Add New Monitor - Accepted Status Codes on Thu, 19 Jan 2023 07:47:06 GMT

fbartels — Thu, 19 Jan 2023 07:47:06 GMT

hmm.. I think it depends on the actual website. A status code in the range of 400-499 would be a return code that signals a kind of error (file not found, or unauthenticated). So if you normally curl your website and get a 403 then it would make sense to use it.

Generally I would say even if you only monitor because you want to get a certificate expiry I would monitor for the expected http return as well. If the / of your website is huge, you could create some kind of dummy file on your webserver that you query instead. For a wordpress site I am monitoring I am querying the license file for example.