Azure 应用服务环境 SSL 证书到期警报

Question

My question is simple:

Has someone figured out a way to be alerted when their App Service Environment (ASE) ILB certificate is about to expire? I have set up alerts for SSL certificates associated with my other Azure resources but am having difficulties specifically figuring this out with Azure ILB ASEs. It doesn't help that these certs are good for a year so attempting to "remember" is going to cut it.

Answer 1

Please check if my findings helpful :

As per the research, Yes - we can monitor the SSL Certificates Expiration and get alerts using the Azure Monitor .

I didn't find any official documents related to Azure Monitor - Creating alerts to SSL Certificates Options.

1. Here is a blog article which shows you workarounds about How to create an alert for SSL certificate expiry using Azure Monitor along with the result.

2. You can also use PowerShell-based solutions that alerts based on cert expiry date. Here are some references for that:

   • https://support.cortado.com/en/support/solutions/articles/43000552447-how-to-get-email-notifications-for-certificates-that-are-about-to-expire
   • https://learn.microsoft.com/en-us/powershell/module/az.automation/get-azautomationcertificate?view=azps-7.4.0&viewFallbackFrom=azps-4.7.0

3. You can make use of Azure App Service Certificates feature in the Azure for the websites where you can switch on the certificate's renewal automatically. For more information, please refer this documentation .

Answer 2

I'll leave this here, after spending a few hours to run this across all app services, it's brute force but you can run it from a logic app on schedule, etc and send administrative email, etc.

# Connect to your Azure subscriptions
Connect-AzAccount

# Get current date
$currentDate = Get-Date

# Get all the subscriptions
$subscriptions = Get-AzSubscription

# Iterate through each subscription
foreach ($subscription in $subscriptions) {
    # Select the current subscription
    Select-AzSubscription -SubscriptionId $subscription.Id


    # Get all the web apps
    $webApps = Get-AzWebApp

    # Iterate through each web app
    foreach ($webApp in $webApps) {
        # Get a list of all SSL certificates on the web app
        $sslCertificates = Get-AzWebAppCertificate -ResourceGroupName $webApp.ResourceGroup # -Name $webApp.Name

        # Iterate through each SSL certificate
        foreach ($sslCertificate in $sslCertificates) {
            # Get the certificate expiration date
            $expirationDate = $sslCertificate.ExpirationDate
            # Get the timespan between the current date and the expiration date
            $timeSpan = $expirationDate - $currentDate

            #Write-Host "Web App: $($webApp.Name) cert expires in $($timeSpan.TotalDays)"

            # Check if the certificate is expiring in 2 months or less
            if ($timeSpan.TotalDays -le 100) {
                # Print the name, resource group and expiration date of the web app and slot that is using the certificate
                Write-Host "Web App: $($webApp.Name) Resource Group: $($webApp.ResourceGroup) Thumbprint: $($sslCertificate.Thumbprint) Expiration Date: $($sslCertificate.ExpirationDate)"
            }
        }
    }
}