Here is the rule I am trying but it is not triggering any alert.

    - alert: SSL-Cert-Expiring-In-30-days
      expr: probe_ssl_earliest_cert_expiry - time() == 86400 * 30
      for: 1m
      labels:
        severity: 2
        frequency: daily
      annotations:
        description: "TLS certificate will expire in {{ $value | humanizeDuration }} (instance {{ $labels.instance }})"

I am expecting it to trigger one alert before 30 days of certificate expiry and then before 15 days.


markalex On

This cannot result in an alert:

    expr: probe_ssl_earliest_cert_expiry - time() == 86400 * 30
    for: 1m

You require probe_ssl_earliest_cert_expiry to be exactly time() + 86400 * 30 for one minute. It's highly unlikely that it will be true even for one tick of rule evaluation. You can use something like this:

    - alert: SSL-Cert-Expiring-In-30-days
      expr: probe_ssl_earliest_cert_expiry - time() > 86400 * 29 < 86400 * 30
      for: 1m
      labels:
        severity: 2
        frequency: daily
      annotations:
        description: "TLS certificate will expire in {{ $value | humanizeDuration }} (instance {{ $labels.instance }})"

It will trigger alerts only if certificate expires in 29 full days.

Similarly you'll need to create two more alerts, for 14 days and less than 7.
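The three rules the answer describes, written out as one rule group; this is an added example, not part of the original answer. The group name, the names of the 14-day and 7-day alerts, and the 13-to-14-day band are assumptions.

```yaml
# Added example. Group name, the second and third alert names and the
# 13d..14d band are assumptions; labels are reused from the answer's rule.
groups:
  - name: tls-certificate-expiry
    rules:
      # Active while 29d < remaining < 30d. Comparisons without `bool`
      # filter series rather than return 0/1, so $value is still the
      # number of seconds left and humanizeDuration renders it.
      - alert: SSL-Cert-Expiring-In-30-days
        expr: probe_ssl_earliest_cert_expiry - time() > 86400 * 29 < 86400 * 30
        for: 1m
        labels:
          severity: "2"        # quoted: label values are strings
          frequency: daily
        annotations:
          description: "TLS certificate will expire in {{ $value | humanizeDuration }} (instance {{ $labels.instance }})"

      # Same one-day band, two weeks out. The bands do not overlap, so a
      # given certificate matches at most one of these rules at a time.
      - alert: SSL-Cert-Expiring-In-14-days
        expr: probe_ssl_earliest_cert_expiry - time() > 86400 * 13 < 86400 * 14
        for: 1m
        labels:
          severity: "2"
          frequency: daily
        annotations:
          description: "TLS certificate will expire in {{ $value | humanizeDuration }} (instance {{ $labels.instance }})"

      # Open-ended upper bound only: stays active from 7 days out until the
      # certificate is renewed, including after it has already expired
      # (the difference goes negative and still satisfies the comparison).
      - alert: SSL-Cert-Expiring-In-Less-Than-7-days
        expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 7
        for: 1m
        labels:
          severity: "2"
          frequency: daily
        annotations:
          description: "TLS certificate will expire in {{ $value | humanizeDuration }} (instance {{ $labels.instance }})"
```

The file can be checked with `promtool check rules <file>` before it is loaded.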