Document a known pitfall with blackbox's http module

9152fec3 · lelutin · ae012619 · 9152fec3
Verified Commit 9152fec3 authored 4 months ago by lelutin
--- a/service/prometheus.md
+++ b/service/prometheus.md
@@ -560,6 +560,21 @@ with the same value since that label is used in alerts and graphs to display
 information. Finally, the `__address__` label is overridden with the address
 where Prometheus can reach the exporter.

+#### Known pitfalls with blackbox scrape jobs
+
+Some tests that can be performed with blackbox exporter can have some pitfalls,
+cases where the monitoring is not doing what you'd expect and thus we're not
+receiving the information required for proper monitoring. This is a list of some
+known issues that you should look out for:
+
+- With the `http` module, if you let it follow redirections it simplifies some
+  checks. However, this has the potential side-effect that the metrics
+  associated with the SSL certificate for that check does _not_ contain
+  information about the certificate of the domain name of the target, but rather
+  about the certificate for the domain last visited (after following
+  redirections). So certificate expiration alerts will not be alerting about
+  the right thing!
+
 #### Targets

 TPA-managed services use puppet exported resources in the appropriate profiles.