Hallo Robert, Description of problem: Context: Some software uses concatenated pem files (private key and a corresponding certificate in one file). Such files are stored under /etc/pki/tls/private/ to reflect the requirements of the private key (secret). x509watch unfortunately excludes /private/. This results in not finding pem files under /etc/pki/tls/private/. The same happens when --directory /etc/pki/tls/private/ parameter is given. Right now we use a dirty hack: sed -i '/exclude/ s/private/ignore/' /usr/bin/x509watch How reproducible: Steps to Reproduce: 1. cat key-, certexpired-, intercert-file to /etc/pki/tls/private/test.pem 2. /usr/bin/x509watch 3. no results Expected results: stdout: /etc/pki/tls/private/test.pem () is not valid since 2021-05-09 Suggestion/solutions: 1. Delete "private" from exclude array or 2. as above insinuated: allow an explicit given recursive searched filesystem path (--directory) to be not excluded / forced. This would allow to do a setup via OPTIONS in /etc/sysconfig/x509watch or 3. allow the traversal search through links. this would allow to setup the service with the help of "ln -s /etc/pki/tls/private /etc/pki/tls/services" Danke!
Any update? Thx.