I'm actually curious: Is there a market for a SaaS which simply keeps track of certificates and when they expire? (Perhaps even with an auto-Deploy new certificate mechanism?)
Perhaps but I call it doing my job. I run up a SSL cert check on icinga for each system as needed. It is quite trivial to roll your own script or find one that can be run from cron. It would probably need more work maintaining an account with a saas.
its a very, very simple update alert to add to Prometheus to monitor that, and alert if the cert is within so many days of expiring. You need the 'blackbox exporter' and a simple rule such as:
alert: TlsCertExpiringSoon
expr: (probe_ssl_earliest_cert_expiry
- time()) < (86400 * 14)
for: 10m
labels:
product: Name_of_Product
severity: page
annotations:
description: the tls cert for the URL {{ $labels.instance }} expires in less than 14 days!
summary: TLS cert for {{$labels.instance}} expiring
I run a SaaS where certificate expiration monitoring is one of the features. But that's more of a nice-to-have feature rather than a primary thing that brings in customers.
I think most monitoring services will let you know if your certificate is about to expire. For example, I use https://checklyhq.com and it lets you configure how far in advance it will alert you.
