Per service TLS Certificate Expiry warning thresholds

[lets-git-going]

⚠️ Please verify that this feature request has NOT been suggested before.

• I checked and didn't find similar feature request

🏷️ Feature Request Type

New Notification, New Monitor, UI Feature

🔖 Feature description

(This is different from request #3028)

I understand that we can set TLS Certificate Expiry thresholds in the global settings, but we have a need to monitor different hosts with different thresholds.

For example:

• websites on CPanel hosted services automatically renew their certificates with around 15 days to go and you cannot override that setting. I'd want an alert if we hit 10 days for those type of websites
• Self hosted websites with self-managed certificates renew when I renew them. For those, I'd want to know when there is 45 or fewer days left in case I forgot to renew
• Sites hosted with Let's Encrypt certificates (90 day validity) at another host, auto renew every 10 days, so if there's fewer than say 60 days left, I'd want an alert to let me know that auto-renewal failed to give me ample time to fix it.

✔️ Solution

It would be quite helpful to be able to be able to override the system-wide TLS expiration notification threshold days per host.

❓ Alternatives

No response

📝 Additional Context

[CommanderStorm]

I think this just adds extra unnecessary complexity.

Cert-Expiry is something that should never happen, as this process should be automated.
Why would such a feature be helpful instead of setting your notifications to min(expirty_time_all_services)
10 days seems quite a reasonable timeframe imo..

[lets-git-going]

Hi @CommanderStorm
I agree that 10 days is reasonable for many services, especially those with auto-renewing certificates through something like cPanel. In fact, alerting much before that will trigger lots of false alarms as cPanel doesn't renew until there is 15 days left.

However, there are plenty of other services where certificates don't auto renew, say VPN over HTTPS services, self-managed services that use non-auto renewing certificates (say like EV validated ones that require a bunch of manual interaction), webmail server ssl, etc. For those, we have processes in place to make sure that their typically annual renewals are done well ahead of expiration. If we drop the ball on a renewal, it's not installed correctly, someone doesn't do it, but marks it as done, etc, uptime kuma could report on it before 10 days to go is we could configure per host thresholds.

The other example I tried to explain is a self-managed automatic renewal that runs for certificates from a provider like Let's Encrypt. The often run with 30 or more days left on the 90 day certificate. If something breaks there and renewals aren't working, it would be good to know before there's only 10 days left to provide ample time to resolve whatever the issue is.

I am absolutely not suggesting that every host must be configured manually, rather that there's an option to either use some global threshold OR to ignore that threshold and use a custom one where appropriate.

I hope that helps to better explain my thinking.

[imne]

this would be a great addition, we have this use case in our org where currently we just use another system to issue out reminders, if this could be added within uptime kuma that would be great