@benkitzelman
Last active March 23, 2023 07:18
Check the SSL cert expiry times are within x days and notify via slack

#!/bin/bash
# usage: ./check_ssl_cert.sh <comma sep list of domains> <warning threshold in days> <slack hook>
# Example: ./check_ssl_cert.sh www.myhost.com,www.otherhost.com 30 https://hooks.slack.com/hook/path

HOSTS=${1:-google.com} # comma separated list of hosts host1.com,host2.com
EXPIRES_IN_D=${2:-30} # warning threshold - post notification if a cert expires within X days
SLACK_CHANNEL=${3:-https://hooks.slack.com/services/some/incoming/webook/channel}

# Post a message to the Slack incoming webhook and echo it to stdout.
# $MSG is interpolated into the JSON body unescaped, so it must not contain double quotes.
function notify()
{
  MSG=$1
  curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$MSG\"}" "$SLACK_CHANNEL"
  echo -e "\n----\n$MSG\n----\n"
}

EXPIRES_IN_S=$((EXPIRES_IN_D * 60 * 60 * 24))
EXIT=0

IFS=',' read -ra HOST_ARR <<< "$HOSTS"
for HOST in "${HOST_ARR[@]}"; do
  echo "Checking if SSL certificate for host: $HOST expires in $EXPIRES_IN_D days ($EXPIRES_IN_S seconds)"

  # "Q" on stdin makes s_client quit after the handshake; -servername sends SNI.
  EXPIRY=$(openssl s_client -connect "$HOST:443" -servername "$HOST" 2> /dev/null <<< "Q" | openssl x509 -noout -enddate | sed 's/^notAfter=//')

  # -checkend exits 0 only if the certificate is still valid that many seconds from now.
  if openssl s_client -connect "$HOST:443" -servername "$HOST" 2> /dev/null <<< "Q" | openssl x509 -noout -checkend "$EXPIRES_IN_S"; then
    notify "The SSL certificate for $HOST is ok (expires on $EXPIRY)"
  else
    notify ":warning: *WARNING:* <!channel> The SSL certificate for $HOST will expire within the threshold of $EXPIRES_IN_D days *on $EXPIRY*"
    EXIT=1
  fi
done

exit $EXIT
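
name: Check the state of SSL on production
on:
  schedule:
    # 14:00 UTC every Monday
    - cron: '0 14 * * 1'
jobs:
  issue:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Check SSL Cert and post outcome on slack channel
        # The webhook URL grants posting rights to the channel; in a real repository
        # pass it from a secret (e.g. a hypothetical ${{ secrets.SLACK_WEBHOOK }}) instead of committing it.
        run: ./script/check_ssl.sh my-domain.com 30 https://hooks.slack.com/services/some/webhook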
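
When the connection itself fails, `openssl x509` in the script above receives no certificate, so the run ends in the expiry warning with an empty date. The following is an added example, not part of the original gist, that reports the three outcomes separately; `cert_status` and `make_sample_cert` are hypothetical helper names, and the sample certificate is a constructed throwaway.

```bash
#!/bin/bash
# Added example (hypothetical helper names, not from the gist).

# cert_status <threshold_days>: reads PEM or `openssl s_client` output on stdin.
# Prints "ok <notAfter>", "expiring <notAfter>" or "unreachable";
# returns 0, 1 or 2 respectively.
cert_status() {
  local days=$1 pem end
  pem=$(cat)
  # x509 fails when stdin holds no certificate (DNS error, refused
  # connection, failed handshake): report that instead of a blank expiry.
  if ! end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate 2> /dev/null); then
    echo "unreachable"
    return 2
  fi
  end=${end#notAfter=}
  # -checkend exits 0 only if the cert is still valid that many seconds from now.
  if printf '%s\n' "$pem" | openssl x509 -noout -checkend $((days * 86400)) > /dev/null 2>&1; then
    echo "ok $end"
  else
    echo "expiring $end"
    return 1
  fi
}

# Constructed sample input: a throwaway self-signed cert valid for $1 days.
make_sample_cert() {
  local dir
  dir=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days "$1" -subj "/CN=example.test" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2> /dev/null
  cat "$dir/cert.pem"
  rm -rf "$dir"
}

# Live use (assumes network access), mirroring the gist's s_client call:
#   openssl s_client -connect "$HOST:443" -servername "$HOST" < /dev/null 2> /dev/null | cert_status 30
```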