Last active
June 25, 2019 19:38
Get TLS cert expiration and send reminder
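#!/bin/bash
# Check the TLS certificate served on port 443 by each host in LIST and mail a
# reminder when it expires within WARN_DAYS days.
#
# Scope: only the notAfter date of the certificate the server presents is
# examined. The chain and the hostname are not validated here, so a clean run
# does not show that clients will trust the certificate.

SECONDS=0 # bash's built-in timer; read again by displaytime at the end

RED='\033[0;31m'
WHITE='\033[1;37m'
CYAN='\033[0;36m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

LIST='host1 host2 host3'
WARN_DAYS=7
# Placeholder recipient: the address in the published copy of this script was
# redacted by the hosting page. Set MAILTO in the environment or edit this.
MAILTO="${MAILTO:-certs@example.invalid}"

# Report a failed check on stderr and by mail, so that a host which stops
# answering is not mistaken for a healthy one.
#   $1 - domain, $2 - one-line reason
report_failure() {
  local domain=$1 reason=$2
  echo -e "${RED}${reason}${NC}\n" >&2
  printf '%s\n' "${reason}" |
    mail -s "TLS cert check failed for domain ${domain}." "${MAILTO}"
}

echo ""
echo "Checking domain TLS cert expiration dates..."
echo ""

# LIST is a space-separated string, so word splitting is intended here.
for DOMAIN in $LIST
do
  echo -e "FQDN >>> ${WHITE}${DOMAIN}${NC}"
  echo '================================='

  # -enddate prints "notAfter=<date> <time> <year> <zone>". Keeping the time
  # and zone lets date(1) compute the exact expiry instead of local midnight.
  OUT=$(echo | openssl s_client -showcerts -servername "${DOMAIN}" -connect "${DOMAIN}:443" 2>/dev/null |
    openssl x509 -inform pem -noout -enddate)
  OUT=${OUT#notAfter=}

  # s_client errors are discarded above, so an empty result is the only sign
  # that the connection or the handshake failed.
  if [ -z "${OUT}" ]; then
    report_failure "${DOMAIN}" "Could not read a TLS cert from ${DOMAIN}:443; expiry was not checked."
    continue
  fi

  echo -e "Expires: ${YELLOW}${OUT}${NC}"
  echo "${OUT}"

  EXPDUR=$(($(date +%s) + (86400 * WARN_DAYS)))
  echo epoch how many days to expir "${EXPDUR}"

  # date -d is GNU date syntax.
  if ! EXPDAT=$(date -d "${OUT}" +"%s"); then
    report_failure "${DOMAIN}" "Could not parse the expiry date '${OUT}' for ${DOMAIN}; expiry was not checked."
    continue
  fi
  echo epoch expir date "${EXPDAT}"
  echo ""

  if [ "${EXPDUR}" -gt "${EXPDAT}" ]; then
    echo -e "\n${RED}WARNING TLS cert expires in less than ${WARN_DAYS} days. The TLS cert for ${DOMAIN} will expire on ${OUT}${NC}\n"
    # printf emits real newlines; plain echo would put a literal \n in the mail.
    printf 'Warning TLS cert for domain %s is about to expire.\n\nThe TLS cert for %s will expire on %s. Please resolve this issue quickly, you lazy bastard.\n' \
      "${DOMAIN}" "${DOMAIN}" "${OUT}" |
      mail -s "Warning TLS cert for domain ${DOMAIN} is about to expire." "${MAILTO}"
  else
    echo -e "Everything is awesome"
  fi
done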
#x509=$(echo | openssl s_client -showcerts -servername ${domain} -connect ${domain}:443 2>/dev/null | openssl x509 -inform pem -noout -text)
#echo $x509
# do a date compare
# send a reminder if n num days is less than x days
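#######################################
# Print a duration as "D days H hours M minutes and S seconds", leaving out
# the day, hour and minute parts that are zero.
# Globals:   SECONDS (read when no argument is given)
# Arguments: $1 - optional duration in whole seconds; defaults to $SECONDS
# Outputs:   the formatted duration on stdout
# Returns:   0 on success, 1 if the duration is not a non-negative integer
#######################################
displaytime () {
  local T=${1:-$SECONDS}
  # Digits only: $(( )) would evaluate any other string as an expression.
  if ! [[ $T =~ ^[0-9]+$ ]]; then
    printf 'displaytime: not a whole number of seconds: %s\n' "$T" >&2
    return 1
  fi
  T=$((10#$T)) # force base 10 so a leading zero is not read as octal
  local D=$((T/60/60/24))
  local H=$((T/60/60%24))
  local M=$((T/60%60))
  local S=$((T%60))
  # (( )) compares numbers; [[ a > b ]] would compare the values as strings.
  (( D > 0 )) && printf '%d days ' "$D"
  (( H > 0 )) && printf '%d hours ' "$H"
  (( M > 0 )) && printf '%d minutes ' "$M"
  (( D > 0 || H > 0 || M > 0 )) && printf 'and '
  printf '%d seconds\n' "$S"
}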
# Report how long the run took (displaytime reads bash's SECONDS timer),
# then finish with a success status.
printf 'Took %s to complete %s.\n' "$(displaytime)" "${0}"
exit 0
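#!/bin/bash
# Report local certificate files that expire within DAYS days.
# Arguments: one or more PEM certificate files.
#
# openssl checkend option looks to be useful, d'oh!
# -checkend arg ; Checks if the certificate expires within the next arg seconds and exits non-zero if yes it will expire or zero if not.
# openssl x509 reads the first certificate in a file, so only that one is checked.
DAYS=7

for file in "$@"; do
  # -checkend also fails for a file that cannot be parsed. Rule that out
  # first so a broken file is not reported as an expiring certificate.
  if ! openssl x509 -noout -in "$file" > /dev/null 2>&1; then
    echo "==> Cannot read a certificate from $file" >&2
    continue
  fi

  if ! openssl x509 -checkend "$(( 86400 * DAYS ))" -in "$file" > /dev/null; then
    echo "==> Certificate $file is about to expire soon:"
    openssl x509 -enddate -in "$file" -noout
  fi
done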