Check whether SSL certificates expire within X days and notify via Slack
#!/bin/bash
#
# Usage:   ./check_ssl_cert.sh <comma sep list of domains> <warning threshold in days> <slack hook>
# Example: ./check_ssl_cert.sh www.myhost.com,www.otherhost.com 30 https://hooks.slack.com/hook/path
#
# NOTE: the Slack webhook URL is a credential (whoever holds it can post to the
# channel). Supplied as $3 it ends up in the process arguments, so prefer
# feeding it from a secret store or CI secret rather than typing it inline.

# $1 - comma separated list of hosts, e.g. host1.com,host2.com
HOSTS="${1:-google.com}"

# $2 - warning threshold: a notification is posted when a cert expires within this many days
EXPIRES_IN_D="${2:-30}"

# $3 - Slack incoming-webhook URL that notifications are POSTed to
SLACK_CHANNEL="${3:-https://hooks.slack.com/services/some/incoming/webook/channel}"
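#######################################
# Post a message to the Slack incoming webhook and print it locally.
# Globals:   SLACK_CHANNEL (read) - webhook URL the JSON payload is POSTed to
# Arguments: $1 - message text (may contain quotes, backslashes, newlines)
# Outputs:   the message framed by "----" lines on stdout; a warning on stderr
#            when the POST fails
# Returns:   0 - a failed delivery is reported but not propagated, so a Slack
#            outage does not change the result of the certificate check
#######################################
notify() {
  local msg=$1
  local text=$msg
  local payload

  # Escape the message for use inside a JSON string. Without this, a quote or
  # backslash in the message (host names and certificate dates are
  # interpolated into it) yields invalid JSON or lets the text add fields to
  # the payload.
  text=${text//\\/\\\\}
  text=${text//\"/\\\"}
  text=${text//$'\n'/\\n}
  text=${text//$'\r'/\\r}
  text=${text//$'\t'/\\t}
  # Remaining control characters are not legal inside a JSON string; drop them.
  text=${text//[[:cntrl:]]/}
  payload="{\"text\":\"${text}\"}"

  # --url keeps the (quoted) webhook from being word-split or read as an option;
  # --fail turns HTTP errors into a non-zero status; --max-time bounds a hung
  # connection so a scheduled job cannot stall on Slack.
  if ! curl --silent --show-error --fail --max-time 10 \
    -X POST -H 'Content-type: application/json' \
    --data "$payload" --url "$SLACK_CHANNEL"; then
    printf 'warning: could not deliver the Slack notification\n' >&2
  fi

  # printf '%s' prints the message verbatim; echo -e would interpret backslash
  # sequences contained in the data.
  printf '\n----\n%s\n----\n\n' "$msg"
}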
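# The threshold is expanded inside $(( )), where bash evaluates the string as
# an arithmetic expression; accept plain digits only so an argument cannot be
# interpreted as anything other than a number.
if ! [[ "$EXPIRES_IN_D" =~ ^[0-9]+$ ]]; then
  printf 'error: warning threshold must be a whole number of days, got: %s\n' "$EXPIRES_IN_D" >&2
  exit 2
fi
# 10# forces base 10 so a value such as 030 is not read as octal.
EXPIRES_IN_S=$((10#$EXPIRES_IN_D * 60 * 60 * 24))
EXIT=0

IFS=',' read -ra HOST_ARR <<< "$HOSTS"
for HOST in "${HOST_ARR[@]}"; do
  # A trailing or doubled comma produces an empty entry; nothing to check.
  [[ -n "$HOST" ]] || continue

  echo "Checking if SSL certificate for host: $HOST expires in $EXPIRES_IN_D days ($EXPIRES_IN_S seconds)"

  # Fetch the certificate once and reuse it for both the date and the
  # threshold check, so both answers describe the same certificate.
  # NOTE: s_client is used here only to retrieve the certificate; this script
  # does not check the chain of trust or that the certificate matches the
  # host name, only the expiry date of whatever certificate is presented.
  # NOTE: there is no connect timeout; an unresponsive host can stall the run.
  CERT=$(openssl s_client -connect "$HOST:443" -servername "$HOST" 2> /dev/null <<< "Q")

  # No parsable certificate (connection refused, DNS failure, TLS error) is a
  # failed check in its own right, not an "expiring" certificate with a blank
  # date.
  if ! EXPIRY=$(openssl x509 -noout -enddate 2> /dev/null <<< "$CERT"); then
    notify ":warning: *WARNING:* <!channel> Could not retrieve the SSL certificate for $HOST - expiry was not checked"
    EXIT=1
    continue
  fi
  EXPIRY=${EXPIRY#notAfter=}

  # -checkend exits 0 when the certificate is still valid N seconds from now.
  if openssl x509 -noout -checkend "$EXPIRES_IN_S" > /dev/null 2>&1 <<< "$CERT"; then
    notify "The SSL certificate for $HOST is ok (expires on $EXPIRY)"
  else
    notify ":warning: *WARNING:* <!channel> The SSL certificate for $HOST will expire within the threshold of $EXPIRES_IN_D days *on $EXPIRY*"
    EXIT=1
  fi
done

# Non-zero when any host is expiring or could not be checked, so a scheduler
# or CI job can fail on it.
exit "$EXIT"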
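name: Check the state of SSL on production

on:
  schedule:
    - cron: '0 14 * * 1'

# Least privilege: the job only needs to read the repository to run the script.
permissions:
  contents: read

jobs:
  issue:
    runs-on: ubuntu-latest
    steps:
      # Consider pinning third-party actions to a full commit SHA instead of a
      # movable tag.
      - uses: actions/checkout@v3
      - name: Check SSL Cert and post outcome on slack channel
        # The webhook URL is a credential: anyone holding it can post to the
        # channel. Keep it out of the workflow file and read it from an
        # Actions secret (SLACK_WEBHOOK_URL is an example name; create the
        # secret in the repository settings).
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        run: ./script/check_ssl.sh my-domain.com 30 "$SLACK_WEBHOOK_URL"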