Monitor PKI certificates & CRLs for expiration with Telegram & SMS alerts
PKI Certificate & CRL Monitor - Auto Expiration Alert System
Overview
This n8n workflow provides automated monitoring of Public Key Infrastructure (PKI) components, including CA certificates, Certificate Revocation Lists (CRLs), and associated web services. It extracts certificate information from a TSL (Trusted Service List), using the Hungarian list as the default example, monitors expiration dates, and sends alerts via Telegram and SMS when critical thresholds are reached.
Features
- Automated extraction of certificate URLs from TSL XML
- CA certificate expiration monitoring
- CRL expiration tracking
- Website availability monitoring with retry mechanism
- Multi-channel alerting (Telegram and SMS)
- Scheduled execution every 12 hours
- 17-hour warning threshold for expirations
Setup Instructions
Prerequisites
- n8n Instance: Running n8n installation with Linux environment
- Telegram Bot: Created via @BotFather
- Textbelt API Key: For SMS notifications (optional)
- Network Access: To reach TSL source and certificate URLs
- Linux Tools: OpenSSL, curl, libxml2-utils, jq (auto-installed)
Configuration Steps
1. Telegram Setup
Create Telegram Bot:
- Open Telegram and search for @BotFather
- Send /newbot and follow prompts
- Save the bot token (format: 1234567890:ABCdefGHIjklMNOpqrsTUVwxyz)
Create Alert Channel:
- Create a new Telegram channel for alerts
- Add your bot as administrator
- Get channel ID:
- Send a test message to the channel
- Visit: https://api.telegram.org/bot<YOUR_BOT_TOKEN>/getUpdates
- Find "chat":{"id":-100XXXXXXXXXX} - this is your channel ID
2. SMS Setup (Optional)
Textbelt Configuration:
- Register at https://textbelt.com
- Purchase credits and obtain API key
- Note: Free tier allows 1 SMS/day for testing
3. Configure Alert Nodes
Update these nodes with your credentials:
CRL Alert Node:
- Open CRL Alert --- Telegram & SMS node
- Replace YOUR-TELEGRAM-BOT-TOKEN with your bot token
- Replace YOUR-TELEGRAM-CHANNEL-ID with your channel ID
- Replace +36301234567 with target phone number(s)
- Replace YOUR-TEXTBELT-API-KEY with your Textbelt key
CA Alert Node:
- Open CA Alert --- Telegram & SMS node
- Apply same replacements as above
Website Down Alert Node:
- Open Send Website Down - Telegram & SMS node
- Apply same replacements as above
4. TSL Source Configuration
The workflow defaults to Hungarian TSL:
- URL: http://www.nmhh.hu/tl/pub/HU_TL.xml
- To change, edit the Collect Checking URL list node
- Trust list references: https://ec.europa.eu/tools/lotl/eu-lotl.xml (to find other TSLs to use instead of the default) and https://www.etsi.org/deliver/etsi_ts/119600_119699/119615/01.02.01_60/ts_119615v010201p.pdf (the Technical Specification of the Trust Lists)
5. Threshold Configuration
Default warning threshold: 17 hours before expiration
- To modify CRL threshold: Edit nextUpdate - TimeFilter node
- To modify CA threshold: Edit nextUpdate - TimeFilter1 node
- Change value in condition:
if (diffHours < 17)
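An added example (not the workflow's own node code) of the threshold check described above: it parses the lastUpdate/nextUpdate/notAfter lines that openssl prints, always as UTC, and classifies them against the 17-hour threshold. The function names and sample dates are constructed; the EXPIRED status for CRLs and the UNPARSEABLE status are assumptions that go beyond the conditions listed on this page.

```javascript
// Added example: expiry classification for OpenSSL date lines.
// Input looks like the output of `openssl crl -noout -lastupdate -nextupdate`
// or `openssl x509 -noout -enddate`, e.g. "nextUpdate=Jan  6 04:00:00 2025 GMT".
const MONTHS = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5,
                 Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 };

// Parse one "field=Mon DD HH:MM:SS YYYY GMT" line into UTC milliseconds.
// Explicit parsing avoids depending on the host's locale or timezone.
function parseOpensslDate(line) {
  const m = /^\s*(\w+)=(\w{3})\s+(\d{1,2})\s+(\d{2}):(\d{2}):(\d{2})\s+(\d{4})\s+GMT\s*$/.exec(line);
  if (!m || !(m[2] in MONTHS)) return null;
  const [, field, mon, day, hh, mm, ss, year] = m;
  return { field, ms: Date.UTC(+year, MONTHS[mon], +day, +hh, +mm, +ss) };
}

// Classify OpenSSL output against the warning threshold (default 17 hours).
// nowMs is passed in so the check is testable and independent of the clock.
function classify(opensslOutput, nowMs, thresholdHours = 17) {
  const fields = {};
  for (const line of opensslOutput.split('\n')) {
    const parsed = parseOpensslDate(line);
    if (parsed) fields[parsed.field] = parsed.ms;
  }
  // CRLs expire at nextUpdate, certificates at notAfter.
  const expiry = fields.nextUpdate ?? fields.notAfter;
  // Assumption: output with no usable date is reported, not silently skipped.
  if (expiry === undefined) return { status: 'UNPARSEABLE', diffHours: null };

  const diffHours = (expiry - nowMs) / 3600000;
  let status = 'OK';
  if (diffHours < 0) status = 'EXPIRED';
  else if (diffHours < thresholdHours) status = 'ALERT';
  return { status, diffHours };
}
```

With the 12-hour schedule, an item that crosses the 17-hour line just after a run is first reported on the next run, with about 5 hours left.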
Activation
- Save all configuration changes
- Test with Execute With Manual Start trigger
- Verify alerts are received
- Toggle workflow to Active status for scheduled operation
How to Use
Automatic Operation
Once activated, the workflow runs automatically:
- Frequency: Every 12 hours
- Process:
- Downloads TSL XML
- Extracts all certificate URLs
- Checks each URL type (CRL, CA, or other)
- Validates expiration dates
- Sends alerts for critical items
Manual Execution
For immediate checks:
- Open the workflow
- Click Execute With Manual Start node
- Click "Execute Node"
- Monitor execution progress
Understanding Alerts
CRL Expiration Alert
Message Format:
ALERT! with [Issuer CN] !!!CRL EXPIRATION!!! Will be under 17 hour ([Next Update Time])! Last updated: [Last Update Time]
Trigger Conditions:
- CRL expires in less than 17 hours
- CRL download successful but expiration imminent
CA Certificate Alert
Message Format:
ALERT!/EXPIRED! with [Subject CN] !!!CA EXPIRATION PROBLEM!!! The expiration time: ([Not After Date]) Last updated: ([Not Before Date])
Trigger Conditions:
- Certificate expires in less than 17 hours (ALERT!)
- Certificate already expired (EXPIRED!)
Website Down Alert
Message Format:
ALERT! The [URL] !!!NOT AVAILABLE!!! Service outage probable! Intervention required!
Trigger Conditions:
- Initial HTTP request fails
- Retry after wait period also fails
- HTTP status code not 200
Monitoring Dashboard
Execution History
- Navigate to n8n Executions tab
- Filter by workflow name
- Review successful/failed runs
Alert History
Check Telegram channel for:
- Alert timestamps
- Affected certificates/services
- Expiration details
Troubleshooting
No Alerts Received
Check Telegram Bot:
- Verify bot is admin in channel
- Test with manual message via API
- Confirm channel ID is correct
Check Workflow Execution:
- Review execution logs in n8n
- Look for error nodes (red indicators)
- Verify TSL URL is accessible
False Positives
- Verify system time is correct
- Check timezone settings
- Review threshold values
Missing Certificates
- Some certificates may not have URLs
- TSL may be temporarily unavailable
- Check XML parsing in logs
Performance Issues
Slow Execution:
- Large TSL files take time to parse
- Network latency affects URL checks
- Consider increasing timeout values
Memory Issues:
- Workflow processes many URLs sequentially
- Monitor n8n server resources
- Consider increasing batch intervals
Advanced Configuration
Modify Check Frequency
Edit Execute With Scheduled Start node:
- Change interval type (hours/days/weeks)
- Adjust interval value
- Consider peak/off-peak scheduling
Add Custom TSL Sources
In Collect Checking URL list node:
URL="https://your-tsl-source.com/tsl.xml"
Customize Alert Messages
Edit alert nodes to modify message templates:
- Add organization name
- Include escalation contacts
- Add remediation instructions
Filter Certificate Types
Modify URL detection patterns:
- Is this CRL? node: Adjust CRL detection
- Is this CA? node: Adjust CA detection
- Add new patterns as needed
Adjust Retry Logic
Wait B4 Retry node:
- Default: Immediate retry
- Can add delay (seconds/minutes)
- Useful for transient network issues
Maintenance
Regular Tasks
- Weekly: Review alert frequency
- Monthly: Validate phone numbers/channels
- Quarterly: Update TSL source URLs
- Annually: Review threshold values
Log Management
- Clear old execution logs periodically
- Archive alert history from Telegram
- Document false positives for tuning
Updates
- Keep n8n updated for security patches
- Monitor OpenSSL versions for compatibility
- Update notification service APIs as needed
Security Considerations
- Store API keys in n8n credentials manager
- Use environment variables for sensitive data
- Restrict workflow edit access
- Monitor for unauthorized changes
- Regularly rotate API keys
- Use HTTPS for TSL sources when available
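An added example (not part of the workflow) of keeping the alert credentials out of the node bodies: the requests are built from environment values, placeholders left over from setup are rejected, and the bot token is redacted before anything is logged. The environment variable names and function names are assumptions; the endpoints are the Telegram Bot API sendMessage method and the Textbelt text endpoint.

```javascript
// Added example: build alert requests from environment values, not literals.
// Variable names (TELEGRAM_BOT_TOKEN, ...) are hypothetical, chosen for this sketch.
const TOKEN_RE = /^\d+:[A-Za-z0-9_-]+$/;  // shape shown on this page: 1234567890:ABC...
const CHANNEL_RE = /^-100\d+$/;           // channel ID shape from getUpdates
const PHONE_RE = /^\+\d{6,15}$/;          // international format, e.g. +36...

// The bot token is part of the URL path, so hide it before logging.
function redact(url) {
  return url.replace(/\/bot[^/]+\//, '/bot<redacted>/');
}

// Log line that never includes the request body (which carries the SMS key).
function logSafe(req) {
  return `${req.channel} ${redact(req.url)}`;
}

// Returns request descriptions only; sending is left to the caller.
function buildAlertRequests(env, message) {
  const token = env.TELEGRAM_BOT_TOKEN || '';
  const channel = env.TELEGRAM_CHANNEL_ID || '';
  if (!TOKEN_RE.test(token)) {
    throw new Error('TELEGRAM_BOT_TOKEN missing or still a placeholder');
  }
  if (!CHANNEL_RE.test(channel)) {
    throw new Error('TELEGRAM_CHANNEL_ID missing or malformed');
  }
  const requests = [{
    channel: 'telegram',
    url: `https://api.telegram.org/bot${token}/sendMessage`,
    body: { chat_id: channel, text: message },
  }];

  // SMS is optional: only built when a real Textbelt key is configured.
  const key = env.TEXTBELT_API_KEY || '';
  if (key && !key.startsWith('YOUR-')) {
    const phones = (env.ALERT_PHONES || '')
      .split(',').map((s) => s.trim()).filter(Boolean);
    for (const phone of phones) {
      if (!PHONE_RE.test(phone)) throw new Error(`bad phone number: ${phone}`);
      requests.push({
        channel: 'sms',
        url: 'https://textbelt.com/text',
        body: { phone, message, key },
      });
    }
  }
  return requests;
}
```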
Compliance Notes
- Ensure monitoring aligns with PKI policies
- Document alert response procedures
- Maintain audit trail of certificate issues
- Consider regulatory requirements for uptime
Integration Options
- Connect to ticketing systems for alert tracking
- Add database logging for compliance
- Integrate with monitoring dashboards
- Create escalation workflows for critical alerts
Best Practices
- Test alerts monthly to ensure delivery
- Maintain multiple notification channels
- Document response procedures for each alert type
- Set up redundant monitoring if critical
- Review and tune thresholds based on operational needs
- Keep contact lists updated
- Consider time zones for global operations
n8n Workflow: Basic Workflow Template
This n8n workflow serves as a foundational template demonstrating various core n8n nodes and their basic functionalities. It's a great starting point for understanding how different nodes can be combined to build more complex automations.
What it does
This workflow showcases a variety of n8n's core capabilities, including:
- Manual and Scheduled Triggers: It includes both a manual trigger (for immediate execution) and a schedule trigger (for recurring execution), demonstrating how workflows can be initiated.
- Command Execution: It can execute shell commands on the n8n host server.
- HTTP Requests: It can make HTTP requests to external APIs or services.
- Conditional Logic: It uses an 'If' node to introduce branching logic based on data conditions.
- Data Manipulation: It uses 'Edit Fields (Set)' to modify data and 'Split Out' and 'Loop Over Items (Split in Batches)' to handle collections of data.
- File Operations: It can write binary files.
- Workflow Control: It includes a 'Wait' node to introduce delays in the workflow execution.
- Code Execution: It can run custom JavaScript code for advanced data processing or logic.
- Documentation: It includes a 'Sticky Note' for in-workflow documentation.
Prerequisites/Requirements
- An n8n instance (self-hosted or cloud).
- Basic understanding of n8n concepts (nodes, connections, expressions).
Setup/Usage
- Import the Workflow:
- Copy the provided JSON code.
- In your n8n instance, go to "Workflows" and click "New".
- Click the "Import from JSON" button (usually a cloud icon with an arrow pointing down or a JSON icon).
- Paste the JSON code and click "Import".
- Explore the Nodes:
- Review each node to understand its configuration and purpose.
- The 'Sticky Note' provides general information about the workflow.
- Activate the Workflow:
- To run the workflow, you can either click the "Execute Workflow" button for a manual trigger or activate the "Schedule Trigger" node to run it on a recurring basis.
- Note: The workflow as provided is a template and does not perform any specific external actions without further configuration of nodes like "Execute Command" or "HTTP Request".
- Customize:
- This workflow is designed as a template. You will need to configure the individual nodes with your specific commands, API endpoints, data, and logic to build your desired automation.
- For example, in the "Execute Command" node, you would specify the actual shell command to run. In "HTTP Request", you would define the URL, method, and body.