Hi @r_weber ,

No RHEL7 is only EOL June 2024.

Sure understood, will rebuild on RHEL7 thanks.

@pieter_luttig you can now find a specific build for older gclib versions on the 1.4 release page, please try if this works for you.

@r_weber just tried it out now, and I am getting the below. 

Error(/usr/lib64/libc.so.6: version `GLIBC_2.25' not found (required by /opt/dynatrace/remotepluginmodule/plugin_deployment/custom.remote.python.certcheck/cryptography/hazmat/bindings/_openssl.abi3.so))

Just did the same, with the same result. Error(/lib64/libc.so.6: version `GLIBC_2.25' not found (required by /apps/tapm/remotepluginmodule/plugin_deployment/custom.remote.python.certcheck/cryptography/hazmat/bindings/_openssl.abi3.so))

@dave_vos @pieter_luttig 
Can you please take a look at this issue on github and post the output from your environments.
I checked on my test environment (CentOS 7.9) with GLIBC 2.17 - all fine and no dependency to 2.25.
Did you make sure you certainly downloaded the right plugin version, completely removed the old one and replaced it?

What minor version of RHEL are you? 7.4? This has been built with CentOS 7.9 (should match RHEL7.9) the latest update in the 7.x release.

We are on RHEL 7.9.

NAME="Red Hat Enterprise Linux Server"
VERSION="7.9 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.9"

We are on RHEL 7.9.

NAME="Red Hat Enterprise Linux Server"
VERSION="7.9 (Maipo)"

WAWHOO!! can't wait to try it.  The version we're running now does 450 SSL checks in 21 seconds and 899 in 42 seconds. Quite linear.   Can't wait to see how many 1.4 can do.

Running RedHat 8.6 on a 4 core 64-bit and 4GB of memory.

Just wanted to follow-up. Everything is running well.  We have a total of 1,030 SSL checks running across 4 configurations (SSL5, SSL15, SSL29, SSL29_2), which are spread out over 3 1 ActiveGates (Threading at 20 got us down from 3 to 1).  Everything is completing within the 1 minute timeframe.  Problems are now remaining open (not closing after 10 minutes) thus the cross-configuration bug is fixed.

Next we're switching over to using the SSLCheckExpire tag to give teams more flexibility. 

Hello r_weber, Much appreciate your efforts. 

as you mentioned on git hub "(no plugin builds for older glibc linux platforms yet)". Any idea when it would be out. Keen to test for rhel 7.9 with older glibc for the client.

Ok, looks like that place (Upload your custom Extension 2) is not the right place to install this plugin.

What I did so far, following this - https://docs.dynatrace.com/docs/extend-dynatrace/extensions/development/extension-how-tos/deploy-an-...

1. copy custom.remote.python.certcheck  folder to /opt/dynatrace/remotepluginmodule/plugin_deployment/ on ActiveGate host

2. Upload zipped extension on this page -

and on the next page Add ActiveGate extension

I had to use Add new technology button first as Upload extension was greyed out for me.

After that I configure the plugin to get all HTTP checks with product:test tag.

Nothing happened yet as all my certificates are up to date.

How can I be sure that plugin works and certificates are indeed monitored? Can I see a list of URLs that plugin imported?

You could temporary increase "minimum certificate validaty in days" to a high number (say 365 days). That way you can test if a problem would be created if a certificate is bound to expire within 365 days.

I see... But is there a way to see a list of URls that this plugin checks?

Also, does this plugin accepts tags in a form key:value ?

The plugin determines the list of URLs from your tagged synthetic monitors itself.
So you create a synthetic monitor, tag it accordingly e.g with "sslcheck" and then create a plugin config that works with this tag.

Thanks for the reply!

we already have >1k monitors split by different groups/products by a tag in a form of key:value

For testing purpose I configure the plugin with this tag:

and set expiration days to 500.. But nothing happened so I wonder how can I troubleshoot ?

How to confirm that tag filter works as expected and cert check request was sent?

Either use just the key of the tag (not with value), or tag your monitors with another autotag rule based on your existing tags, and then check the Activegate’s plugin execution logs for any info/errors.

Where can I find execution logs? On AG host?

Also about your suggestion to use simple tag - does it mean that key:value not supported?

Almost got it.

For other people who have same questions:

- logs can be found here - /var/lib/dynatrace/remotepluginmodule/log/remoteplugin/custom.remote.python.certcheck

- key:value tags are supported

One thing that I can't make to work is metrics. I set Certificate validity days to 500 and have my monitors failed but metrics are empty - either on Metrics tab of a plugin page or in Data Explorer. Any hint here?

Did you check the "report metrics" in the plugin configuration to on?
And did you make sure that the API token you configured for the plugin has the metric.ingest (v2) scope?

Yes and Yes

Let me try it again, may be I gave it not enough time to collect metrics before closing the problem?

Hi Olegus,

I made small manual in the past. I translated it to English so you use it. Hope it helps.

Dave Vos

Thanks, Dave, nice small manual!

Couple of questions if you dont mind:

-Did you try key:value tags with this plugin?

-What's a Monaco script? 🙂

https://engineering.dynatrace.com/open-source/standards/monaco/

A colleague of mine made a script in Monaco which was able to create synthetic HTTP monitors in bulk using an excel sheet with column's environment|name|url|enabled|location as input.

I did not use key:value tags with this plugin. I simple used this tagging rule: HTTP monitors (Synthetic monitor) on HTTP monitors where HTTP monitor name contains 'Certificate'

Note: In my opinion it is better to use specific HTTP monitors for this purpose as you can disable them using no DEM units.