Ad Widget

Collapse

SOLVED: Zabbix "Agentless" SSL Certificate Monitoring

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • flakrat12
    Junior Member
    • Jan 2025
    • 6
    #1

    SOLVED: Zabbix "Agentless" SSL Certificate Monitoring

    Howdy, I figured I'd share my notes setting up SSL certificate monitoring within Zabbix. This can be done without installing an agent on the remote sites/web servers by using a Zabbix Agent 2 (package `zabbix-agent2`) running on another system (including the Zabbix server) to act as a proxy.

    We are running Zabbix 7.2.

    Example, monitor the certificate on https://zabbix.com
    • Create a new host zabbix.com
    • Add to hostgroup: SSL Servers
    • Assign template: Website certificate by Zabbix agent 2
    • Interface: 127.0.0.1 Port: 10050
    • Click Macros and Inherited and host macros
      • Edit the value for {$CERT.WEBSITE.HOSTNAME} to zabbix.com
    • Repeat to add more sites...
    Code:
    zabbix_get -s localhost -k web.certificate.get\[zabbix.com]
    Last edited by flakrat12; 23-02-2025, 00:57.
    Tags: agent2
      👍 2
    • flakrat12
      Junior Member
      • Jan 2025
      • 6
      #2
      For clarity: In {$CERT.WEBSITE.HOSTNAME} replace <Put DNS name> with zabbix.com

        Comment

        • seren
          Junior Member
          • Jun 2023
          • 11
          #3
          Thanks for posting this. Doesn't the new host's name in Zabbix need to match the Hostname that the agent is configured with?

          So if you've created a new host zabbix.com, your agent would need to have Hostname=zabbix.com set?

          I ask because I'm trying to set up something like this using a different host (not the containerized Zabbix server) as the checking entity, but am running into problems connecting to the host.

          Thanks.

            Comment

            • guntis_liepins
              Junior Member
              • Oct 2025
              • 18
              #4
              Seren if you use passive check via zabbix agent interface Zabbix agent will not check which name you send in request, will just use agent access file (Server= directive).
              So name matters just for display, for request itself value of macro {$CERT.WEBSITE.HOSTNAME} will be used.
              I usually create group SSL_certs and just clone hosts there by changing name and {$CERT.WEBSITE.HOSTNAME}​​. It is indeed easy.

                Comment

                Previous template Next
                Working...