A web application to track and monitor SSL certificate expiration dates for multiple domains
·
Report Bug
·
Request Feature
SSL Certificate Expiry Monitor is a Flask-based web application that helps you keep track of SSL certificates for multiple domains. It provides a simple dashboard to monitor expiration dates and sends alerts when certificates are approaching expiration.
Key features:
- Add and manage multiple domains
- Automatic SSL certificate expiry date checking
- Visual alerts for certificates expiring soon
- Add notes for each domain
- Easy-to-use dashboard interface
- CICD using Azure Devops for Infrastructure and application deployment
- Key Vault for secure secret access
- Azure Funtion for updating domain as per scheduled time
- Integration with various Azure resources
- Azure Bicep for creating resources
To get a local copy up and running, follow these steps.
- Python 3.8 or higher
- pip (Python package manager)
- Docker (for containerization)
- Clone the repository
git clone https://github.com/gopalcnepal/ssl-expiry-monitor.git
- Create and activate a virtual environment
python -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate
- Install required packages
pip install -r requirements.txt
- Run the application
python -m flask run
- Build the Docker image
docker build -t ssl-expiry-monitor . - Run the Docker container
docker run -p 5000:5000 ssl-expiry-monitor
- Access the application at
http://localhost:5000
- Access the application at
http://localhost:5000 - Add domains using the form on the left side
- View certificate information in the main table
- Use the refresh button to update certificate information
- Edit or delete entries as needed
By default the application uses SQLite Database. If you want to use the Postgresql Database, you need to set few environment variables:
SERVER_ENV = "production"
POSTGRESQL_ADMIN_USER = <Your Postgres Username>
POSTGRESQL_ADMIN_PASSWORD = <Your Postgres Password>
POSTGRESQL_URL = <Your Postgres Server hostname>
POSTGRESQL_DATABASE_NAME = <Your Postgres Database name>
You need to set SERVER_ENV value to be production to use postgres. You need the server to be accessible via default PORT 5432.
For Azure Deployment these variables are set automatically and you do not need to assign these environment variables.
To deploy this project to Azure you will need to perform ONE time setup of Azure resources and Azure DevOps.
- Azure subscription
- User with required permissions
-
Azure Group Creation:
- Login to Azure Portal
- Search for "Resource Group"
- Click "Create"
- Enter details and Create the Resource Group
-
Managed Identity Creation:
- Login to Azure Portal
- Search for "Managed Identites"
- Click "Create"
- Enter details as required (Note: Select resource group created in previous step)
-
Assign Role to Managed Identity:
- Login to Azure Portal
- Go to Managed Identity created in previous step
- Select "Azure Role Assignment"
- Click "Add role assignment "
- Provide "Owner" role to Resource Group created earlier.
This section provides information on Azure DevOps setup. This is ONE Time setup. You need to change if there is change in infrastructure resource provisioning or permissions.
- Azure subscription
- Azure DevOps organization and project
- User with required permissions
The project contains two pipelines:
- Infrastructure Pipeline (
infra-pipeline.yml) - Deploys Azure resources - Application Pipeline (
deploy-app-pipeline.yml) - Builds and deploys the application
-
Infrastructure Pipeline:
- Create new pipeline in Azure DevOps
- Select "Azure Repos Git" as source
- Select repository
- Choose "Existing Azure Pipelines YAML file"
- Path:
.azure-pipelines/infra-pipeline.yml - Configure variables:
RESOURCE_GROUP_NAME
-
Application Pipeline:
- Create another pipeline
- Select "Azure Repos Git" as source
- Select repository
- Choose "Existing Azure Pipelines YAML file"
- Path:
.azure-pipelines/deploy-app-pipeline.yml - Configure variables:
ACR_SERVICE_CONNECTION AZURE_SERVICE_CONNECTION IMAGE_REPO AZURE_ACR_REPO WEB_APP_NAME AZURE_FUNCTION_NAME
- Create an Azure Service Connection:
- Go to Project Settings > Service Connections
- Click "New Service Connection"
- Select "Azure Resource Manager"
- Choose "Managed Identity"
- Select your subscription, resource group and Managed Identity created previously.
- Name it "AzureServiceConnection". (Important: If you named it differently, change it in pipeline too)
- Check "Grant access permission to all pipelines"
- Click "Save"
IMPORTANT!
This step 2 needs to be done ONLY after the resources has been deployed by first pipeline (infra-pipeline.yml). This is because it connects Azure DevOps to provide special permission to Azure Container Registry.
- Create an Azure Container Registry Service Connection:
- Go to Project Settings > Service Connections
- Click "New Service Connection"
- Select "Docker Registry"
- Choose "Azure Container Registry"
- Select your subscription and registry
- Name it "AzureContainerRegistryServiceConnection"(Important: If you named it differently, change it in pipeline too)
- Check "Grant access permission to all pipelines"
- Click "Save"
The dashboard will show visual alerts:
- 🟡 Yellow warning for certificates expiring within 30 days
- 🔴 Red warning for certificates expiring within 7 days
Contributions are welcome! Here's how you can help:
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Distributed under the MIT License. See LICENSE for more information.
Project Link: https://github.com/gopalcnepal/ssl-expiry-monitor