receiver/httpcheck: stop double-emitting TLS cert-remaining data point

RecordHttpcheckTLSCertRemainingDataPoint was called twice per scrape
for every HTTPS endpoint: once inside the mux.Lock block before the
timing metrics, and again a few lines lower after the timing metrics.
The two blocks were byte-for-byte equivalent, so the receiver emitted
duplicate httpcheck.tls.cert_remaining data points on every cycle.

Remove the redundant pre-timing block. The post-timing block keeps
the endpoint/issuer/commonName/sans labels unchanged.

Fixes #47740.

Signed-off-by: SAY-5 <SAY-5@users.noreply.github.com>
Assisted-by: Claude Opus 4.7

Author: SAY-5

.chloggen/47740-httpcheck-dedup-tls-cert-remaining.yaml

@@ -0,0 +1,24 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+
+# The name of the component, or a single word describing the area of concern, (e.g. receiver/filelog)
+component: receiver/httpcheck
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Stop emitting duplicate `httpcheck.tls.cert_remaining` data points by removing the redundant pre-timing TLS block; the post-timing block (a few lines below) is the single source that retains endpoint/issuer/commonName/sans labels.
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [47740]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
+
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+change_logs: [user]

receiver/httpcheckreceiver/scraper.go

@@ -349,21 +349,10 @@ func (h *httpcheckScraper) scrape(ctx context.Context) (pmetric.Metrics, error)
 
 			mux.Lock()
 
-			// Check if TLS metric is enabled and this is an HTTPS endpoint
-			if h.cfg.Metrics.HttpcheckTLSCertRemaining.Enabled && resp != nil && resp.TLS != nil {
-				// Extract TLS info directly from the HTTP response
-				issuer, commonName, sans, timeLeft := extractTLSInfo(resp.TLS)
-				if issuer != "" || commonName != "" || len(sans) > 0 {
-					h.mb.RecordHttpcheckTLSCertRemainingDataPoint(
-						now,
-						timeLeft,
-						h.cfg.Targets[targetIndex].Endpoint,
-						issuer,
-						commonName,
-						sans,
-					)
-				}
-			}
+			// TLS cert-remaining is recorded once per scrape a few lines
+			// below (after the timing metrics). The duplicate block that
+			// used to live here double-emitted the data point for every
+			// HTTPS endpoint (#47740).
 			// Record timing breakdown metrics
 			dnsMs, tcpMs, tlsMs, requestMs, responseMs := timing.getDurations()
 			endpoint := h.cfg.Targets[targetIndex].Endpoint