cosimo · October 16, 2019 09:14
diff --git a/test-certificate-expiry.sh b/test-certificate-expiry.sh
 #!/bin/bash
 #
 # Test certificate file expire date
 #
 # Usage:
 #   test-certificate-expiry my.crt
 #
 #

 # Emit an error/critical if the certificate expire date
 # is less than this number of days away
 WARN_BEFORE_DAYS=20

 CERT="$1"

 if [ -z "${CERT}" ]; then
    echo "WARNING - Usage: $0 <cert-file>"
    exit 1
 fi

 if [ ! -s "${CERT}" ]; then
    echo "WARNING - Certificate file '${CERT}' is empty?"
    exit 1
 fi

 TMP_FILE=$(mktemp)
 openssl x509 -in "${CERT}" -noout -dates > ${TMP_FILE}

 #cat $TMP_FILE

 START_DATE=$(grep notBefore "${TMP_FILE}" | cut -d'=' -f2)
 END_DATE=$(grep notAfter "${TMP_FILE}" | cut -d'=' -f2)

 unlink "${TMP_FILE}"

 #echo "Start=$START_DATE"
 #echo "End=$END_DATE"

 START_EPOCH=$(date --date="${START_DATE}" +'%s')
 END_EPOCH=$(date --date="${END_DATE}" +'%s')
 NOW_EPOCH=$(date +'%s')

 #echo "Start=$START_EPOCH"
 #echo "End=$END_EPOCH"
 #echo "Now=$NOW_EPOCH"

 CERT_TTL=$(expr $END_EPOCH - $NOW_EPOCH)
 CERT_TTL_DAYS=$(expr $CERT_TTL / 86400)

 if [ "${CERT_TTL_DAYS}" -lt "${WARN_BEFORE_DAYS}" ]; then
    if [ "${CERT_TTL_DAYS}" -lt 0 ]; then
        CERT_TTL_DAYS=$(expr $CERT_TTL_DAYS \* -1)
        echo "CRITICAL - Certificate '${CERT}' expired ${CERT_TTL_DAYS} days ago"
    elif [ "${CERT_TTL_DAYS}" -eq 0 ]; then
        echo "CRITICAL - Certificate '${CERT}' is expiring *TODAY*"
    else
        echo "CRITICAL - Certificate '${CERT}' is expiring in ${CERT_TTL_DAYS} days"
    fi
    exit 2
 else
    echo "OK - Certificate '${CERT}' is expiring in ${CERT_TTL_DAYS} days"
    exit 0
 fi
	#!/bin/bash
	#
	# Test certificate file expire date
	#
	# Usage:
	# test-certificate-expiry my.crt
	#
	#

	# Emit an error/critical if the certificate expire date
	# is less than this number of days away
	WARN_BEFORE_DAYS=20

	CERT="$1"

	if [ -z "${CERT}" ]; then
	echo "WARNING - Usage: $0 <cert-file>"
	exit 1
	fi

	if [ ! -s "${CERT}" ]; then
	echo "WARNING - Certificate file '${CERT}' is empty?"
	exit 1
	fi

	TMP_FILE=$(mktemp)
	openssl x509 -in "${CERT}" -noout -dates > ${TMP_FILE}

	#cat $TMP_FILE

	START_DATE=$(grep notBefore "${TMP_FILE}" \| cut -d'=' -f2)
	END_DATE=$(grep notAfter "${TMP_FILE}" \| cut -d'=' -f2)

	unlink "${TMP_FILE}"

	#echo "Start=$START_DATE"
	#echo "End=$END_DATE"

	START_EPOCH=$(date --date="${START_DATE}" +'%s')
	END_EPOCH=$(date --date="${END_DATE}" +'%s')
	NOW_EPOCH=$(date +'%s')

	#echo "Start=$START_EPOCH"
	#echo "End=$END_EPOCH"
	#echo "Now=$NOW_EPOCH"

	CERT_TTL=$(expr $END_EPOCH - $NOW_EPOCH)
	CERT_TTL_DAYS=$(expr $CERT_TTL / 86400)

	if [ "${CERT_TTL_DAYS}" -lt "${WARN_BEFORE_DAYS}" ]; then
	if [ "${CERT_TTL_DAYS}" -lt 0 ]; then
	CERT_TTL_DAYS=$(expr $CERT_TTL_DAYS \* -1)
	echo "CRITICAL - Certificate '${CERT}' expired ${CERT_TTL_DAYS} days ago"
	elif [ "${CERT_TTL_DAYS}" -eq 0 ]; then
	echo "CRITICAL - Certificate '${CERT}' is expiring TODAY"
	else
	echo "CRITICAL - Certificate '${CERT}' is expiring in ${CERT_TTL_DAYS} days"
	fi
	exit 2
	else
	echo "OK - Certificate '${CERT}' is expiring in ${CERT_TTL_DAYS} days"
	exit 0
	fi