ssl-expire

#!/bin/bash

# based on: https://github.com/skylime/mi-core-base/blob/master/copy/opt/core/bin/ssl-expire.sh

domains=${*:?}
today_unixtime=$(date +%s)
trigger_unixtime=$(date +%s -d "+31 days")

for domain in ${domains}; do

    crt="${TMPDIR:-/tmp}/$(mktemp cert-XXXXX)"
    echo | openssl s_client -connect "${domain}:443" 2>/dev/null > "$crt"
    if [[ $? -ne 0 ]];then
        error[${#error[*]}]="$domain"
        rm "$crt"
        continue
    fi
    subject=$(openssl x509 -in "${crt}" -subject -noout | sed 's:.*/CN=\(.*\)$:\1:g')
    expire_unixtime=$(date --date="$(openssl x509 -in "${crt}" -enddate -noout | cut -d= -f 2)" +%s)
    rm "$crt"
    expire_datetime=$(date +"%Y-%m-%d" -d "@${expire_unixtime}")

    # expired
    if [ "${today_unixtime}" -gt "${expire_unixtime}" ]; then
        critical[${#critical[*]}]="${expire_datetime}: ${subject} ($domain)"
    # expire during trigger unixtime
    elif [[ ${expire_unixtime} -lt ${trigger_unixtime} && ${expire_unixtime} -gt ${today_unixtime} ]]; then
        warning[${#warning[*]}]="${expire_datetime}: ${subject} ($domain)"
    fi
done

# Output
if [[ "${error[0]}" ]]; then
    echo "ERRORED: "
    (for c in "${error[@]}"; do
        echo " ${c}"
    done) | sort -M -k 2
fi

if [[ "${critical[0]}" ]]; then
    echo "EXPIRED: "
    (for c in "${critical[@]}"; do
        echo " ${c}"
    done) | sort -M -k 2
fi

if [[ "${warning[0]}" ]]; then
    echo "EXPIRE SOON: "
    (for w in "${warning[@]}"; do
        echo " ${w}"
    done) | sort -M -k 2
fi