Wasn't able to find any viable solution for this one, hoping someone will be able to help out.
We're trying to add certain websites on Uptime Kuma to monitor their Certificate Expiration Dates. Do we need to follow strict Status Codes on it? Like if we wanted certificates should we only use 400-499 every time?
curl method (curl -i website link) on cmd/terminal to check seems like a hit or miss most of the time
Hmm.. I think it depends on the actual website. A status code in the range of 400-499 would be a return code that signals a kind of error (file not found, or unauthenticated). So if you normally curl your website and get a 403 then it would make sense to use it.
Generally I would say even if you only monitor because you want to get a certificate expiry, I would monitor for the expected HTTP return as well. If the / of your website is huge, you could create some kind of dummy file on your webserver that you query instead. For a WordPress site I am monitoring, I am querying the license file, for example.
In Uptime Kuma, the cert check is an option of the HTTP status check. Technically, the cert check happens before the HTTP request. You would do something like:
openssl s_client -connect cloudron.io:443 -showcerts
I see that Uptime Kuma does not have this cert check as a separate thing and neither is it part of the TCP check type (maybe you can suggest upstream to add a TCPS type; this will help in checking mail servers and other services as well, like Jabber, Matrix maybe).
If the goal is only to check the certs, I would put the HTTP status code range as 100-500 as a workaround since one can safely ignore this....
BTW, if you end up opening an upstream request for TCPS, you should also tell them to add STARTTLS as an option.
openssl s_client -connect mail.domain.com:25 -showcerts -starttls smtp
will help test the cert of a mail server for protocols like sieve, smtp that use STARTTLS.
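Added example, not written by any poster in this thread and not Uptime Kuma's code: it reads the certificate's notAfter at the TLS handshake, so no HTTP status code is involved, and does the same over STARTTLS for SMTP as in the last reply. The function names and the 14-day warning threshold are assumptions, and the sample date is constructed.

```python
import smtplib
import socket
import ssl
from datetime import datetime, timezone


def days_left(not_after, now=None):
    """Whole days until notAfter, e.g. 'Jun  1 12:00:00 2030 GMT'.

    This is the date format returned by getpeercert() and printed after
    'notAfter=' by `openssl x509 -noout -enddate`.
    """
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expires - now).days


def https_not_after(host, port=443, timeout=10):
    """Finish the TLS handshake and read notAfter; no HTTP request is sent.

    The default context verifies the chain, so an already expired cert
    raises ssl.SSLCertVerificationError; treat that as an alert too.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def smtp_starttls_not_after(host, port=25, timeout=10):
    """Upgrade a plain SMTP session with STARTTLS, then read notAfter."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ssl.create_default_context())
        return smtp.sock.getpeercert()["notAfter"]


def report(label, not_after, warn_days=14, now=None):
    """One status line per endpoint: OK, WARN (near expiry) or EXPIRED."""
    remaining = days_left(not_after, now)
    state = "EXPIRED" if remaining < 0 else "WARN" if remaining < warn_days else "OK"
    return f"{state} {label}: {remaining} days left (notAfter={not_after})"


if __name__ == "__main__":
    # Constructed sample value and clock, so this runs without network access.
    fixed_now = datetime(2030, 5, 25, 12, 0, 0, tzinfo=timezone.utc)
    print(report("sample", "Jun  1 12:00:00 2030 GMT", now=fixed_now))
    # Live use (needs network): report("cloudron.io:443", https_not_after("cloudron.io"))
```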