Add documentation regarding collecting invalid certs

plugins/inputs/x509_cert/README.md

@@ -3,6 +3,8 @@
 This plugin provides information about X509 certificate accessible via local
 file or network connection.
 
+In order to always fetch cert information, it is suggested that you use `insecure_skip_verify = true` as telegraf fails to collect information on invalid certs without it.
+
 
 ### Configuration
 

plugins/inputs/x509_cert/x509_cert_test.go

@@ -14,6 +14,7 @@ import (
 
 	"github.com/influxdata/telegraf"
 	"github.com/influxdata/telegraf/internal"
+	_tls "github.com/influxdata/telegraf/internal/tls"
 	"github.com/influxdata/telegraf/testutil"
 )
 
@@ -52,6 +53,7 @@ func TestGatherRemote(t *testing.T) {
 		{name: "successful https", server: "https://example.org:443", timeout: 5},
 		{name: "successful file", server: "file://" + tmpfile.Name(), timeout: 5},
 		{name: "unsupported scheme", server: "foo://", timeout: 5, error: true},
+		{name: "expired certificate", server: "https://expired.badssl.com:443", timeout: 5},
 		{name: "no certificate", timeout: 5, unset: true, error: true},
 		{name: "closed connection", close: true, error: true},
 		{name: "no handshake", timeout: 5, noshake: true, error: true},
@@ -272,3 +274,33 @@ func TestGatherCert(t *testing.T) {
 
 	assert.True(t, acc.HasMeasurement("x509_cert"))
 }
+
+func TestGatherExpiredCert(t *testing.T) {
+	if testing.Short() {
+		t.Skip("Skipping integration test in short mode")
+	}
+
+	m := &X509Cert{
+		Sources: []string{"https://expired.badssl.com:443"},
+	}
+
+	var acc testutil.Accumulator
+	err := m.Gather(&acc)
+	require.NoError(t, err)
+
+	assert.False(t, acc.HasMeasurement("x509_cert"))
+
+	m = &X509Cert{
+		Sources: []string{"https://expired.badssl.com:443"},
+		ClientConfig: _tls.ClientConfig{
+			InsecureSkipVerify: true,
+		},
+	}
+
+	acc = testutil.Accumulator{}
+	err = m.Gather(&acc)
+	require.NoError(t, err)
+
+	assert.True(t, acc.HasMeasurement("x509_cert"))
+
+}