SSL certificate monitoring pitfalls

Certificates are a fundamental part of the Internet’s security. At least since Let’s Encrypt, a free and automated Certificate Authority, started its service, SSL has been in use nearly everywhere. To avoid certificate issues and possible service outages, it’s a good idea to monitor the SSL certificates used by your services, especially as Let’s Encrypt certificates have a short lifetime of 90 days.

I’m using Prometheus to monitor my infrastructure, and for Prometheus there are multiple ways to get started. Most tutorials and posts on the internet cover the case of expired certificates, and that is pretty easy to achieve. I prefer to use Telegraf, a plugin-based metrics collector that also provides Prometheus-compatible output, instead of dedicated Prometheus exporters. To monitor SSL certificates, I’m using the x509_cert input plugin of Telegraf, which provides a metric called x509_cert_expiry that can be used to write simple alerting rules. That’s actually pretty cool already, as Prometheus will send out alerts a few weeks before the certificates expire in case there is a problem with the automatic renewal process.
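As an added example (not from the post itself), here is a Prometheus alerting rule file built on the x509_cert_expiry metric the post mentions. It assumes the Telegraf Prometheus output exposes the plugin's fields with the usual measurement_field naming and its tags as labels (common_name and source are standard tags of the x509_cert input); the 21-day threshold, the job label value `telegraf`, and the severity labels are constructed for this example. The third rule covers the failure mode an expiry check alone misses: if the Telegraf input or the scrape breaks, the expiry metric disappears and the first two rules go silent.

```yaml
groups:
  - name: certificates
    rules:
      # x509_cert_expiry is the remaining validity in seconds.
      # Warn three weeks ahead so a broken renewal job is noticed long
      # before a 90-day Let's Encrypt certificate actually lapses.
      - alert: CertificateExpiringSoon
        expr: x509_cert_expiry < 21 * 24 * 3600
        for: 1h
        labels:
          severity: warning
        annotations:
          summary: "Certificate {{ $labels.common_name }} ({{ $labels.source }}) expires in {{ $value | humanizeDuration }}"

      # A non-positive value means the certificate has already expired.
      - alert: CertificateExpired
        expr: x509_cert_expiry <= 0
        for: 5m
        labels:
          severity: critical
        annotations:
          summary: "Certificate {{ $labels.common_name }} ({{ $labels.source }}) has expired"

      # Expiry alerts can only fire while the metric exists. If the Telegraf
      # host stops being scraped, or the x509_cert input stops producing data,
      # the two rules above simply stop evaluating anything. This rule makes
      # that silence visible. The job label value is an assumption for this
      # example; use whatever your scrape config assigns to Telegraf.
      - alert: CertificateMetricsMissing
        expr: absent(x509_cert_expiry) or up{job="telegraf"} == 0
        for: 15m
        labels:
          severity: warning
        annotations:
          summary: "No x509_cert_expiry series from Telegraf: certificate expiry is currently unmonitored"
```

`absent()` only fires when no series matches at all, so it does not notice a single source that vanished from the list while others remain; if that matters, compare the number of series against the number of configured sources, or alert per source with `absent(x509_cert_expiry{source="..."})` for the ones you care about most.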


Docker port publishing for localhost bindings

While preparing a custom Docker image for a tool I wanted to use, I encountered a problem that kept me busy for some time. The container could be built and started without any problems, but the application in the container was simply not accessible via the published port.

Even after minutes of debugging and checking (and re-checking over and over again) that the right port was exposed and that the application in the container was listening on that port, I was not able to get it to work… But I had a suspicion now. For some reason I had decided to bind the application in the container to localhost. Though it may sound obvious now, I didn’t expect that with a binding like 127.0.0.0:9000 you can’t publish port 9000 to the host; or maybe I’m just too stupid to fully understand Docker networking. After I changed the binding to 0.0.0.0:9000 everything worked as expected. Anyway, lesson learned.
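An added Docker Compose fragment (example code, not from the post) showing the working form of the binding described above together with the host-side control that usually motivates binding to localhost in the first place. Published traffic reaches the container through its bridge interface (eth0), not through the container's loopback, so the process inside has to listen on 0.0.0.0; the place to limit who can reach it is the host-side port mapping. The service name `app` and the command line `tool --bind` are assumptions for this example.

```yaml
services:
  app:
    build: .
    # Inside the container, listen on all interfaces. A loopback-only bind
    # (127.0.0.1:9000) only accepts connections originating inside the
    # container's own network namespace, which port publishing never is.
    command: ["tool", "--bind", "0.0.0.0:9000"]
    ports:
      # Host side: publish only on the host's loopback address. The service
      # is reachable as localhost:9000 on the host, but not from other hosts.
      # A bare "9000:9000" would bind 0.0.0.0 on the host, and Docker inserts
      # its own iptables rules for that, which host firewall frontends such as
      # ufw do not see.
      - "127.0.0.1:9000:9000"
```

Check the result from the host with `docker port <container>` (expect `127.0.0.1:9000`) and from inside the container with `ss -lnt`, where the listener should show `0.0.0.0:9000` rather than `127.0.0.1:9000`.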
