Checks a domain for SSL cert validity
#!/bin/sh
# Original source: http://superuser.com/a/620188/561192
# A few modifications to send an email and potentially account for running on linux
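DEBUG=false
warning_days=29 # Number of days to warn about soon-to-expire certs

# Endpoints to check, one host:port entry per line.
certs_to_check='google.com:443
www.apple.com:443'

# Scope: this script only compares the notBefore/notAfter dates of the
# certificate the server presents against the current time. s_client is not
# asked to fail on verification errors, so chain trust, hostname match and
# revocation are NOT checked here.

# $certs_to_check is deliberately unquoted: word splitting yields one
# host:port entry per iteration.
for CERT in $certs_to_check
do
  $DEBUG && echo "Checking cert: [$CERT]"

  # Send the host name as SNI. Without it, a server hosting several names may
  # answer with its default certificate and the wrong cert gets monitored.
  sni_host=${CERT%%:*}

  # stdin comes from /dev/null so s_client exits once the handshake is done.
  # The status tested below is that of the last pipeline stage: x509 fails
  # when s_client produced no certificate.
  output=$(openssl s_client -connect "$CERT" -servername "$sni_host" </dev/null 2>/dev/null |
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' |
    openssl x509 -noout -subject -dates 2>/dev/null)
  if [ "$?" -ne 0 ]; then
    $DEBUG && echo "Error connecting to host for cert [$CERT]"
    logger -p local6.warn "Error connecting to host for cert [$CERT]"
    continue
  fi

  # x509 prints subject=, notBefore= and notAfter= on separate lines; match
  # each date line by its prefix instead of relying on a greedy regex over
  # the flattened output (which a subject containing "not" could confuse).
  start_date=$(printf '%s\n' "$output" | sed -n 's/^notBefore=//p')
  end_date=$(printf '%s\n' "$output" | sed -n 's/^notAfter=//p')
  $DEBUG && echo "Start Date [$start_date], End Date: [$end_date]"

  # OSX with gnu tools installed via homebrew
  # brew install coreutils
  # start_epoch=$(gdate +%s -d "$start_date")
  # end_epoch=$(gdate +%s -d "$end_date")
  # epoch_now=$(gdate +%s)
  start_epoch=$(date +%s -d "$start_date")
  end_epoch=$(date +%s -d "$end_date")
  epoch_now=$(date +%s)

  # A check that cannot parse the dates must not be mistaken for a pass (or
  # for an expiry): report it separately, as the connection-error path does.
  # Empty date strings are tested too, because GNU date accepts -d "".
  if [ -z "$start_date" ] || [ -z "$end_date" ] ||
    [ -z "$start_epoch" ] || [ -z "$end_epoch" ]; then
    $DEBUG && echo "Could not parse validity dates for cert [$CERT]"
    logger -p local6.warn "Could not parse validity dates for cert [$CERT]"
    continue
  fi

  if [ "$start_epoch" -gt "$epoch_now" ]; then
    $DEBUG && echo "Certificate for [$CERT] is not yet valid"
    logger -p local6.warn "Certificate for $CERT is not yet valid"
  fi

  # A negative value means the certificate has already expired; it is still
  # below the threshold, so the warning path fires for it as well.
  seconds_to_expire=$((end_epoch - epoch_now))
  days_to_expire=$((seconds_to_expire / 86400))
  $DEBUG && echo "Days to expiry: ($days_to_expire)"

  warning_seconds=$((86400 * warning_days))
  if [ "$seconds_to_expire" -lt "$warning_seconds" ]; then
    $DEBUG && echo "Cert [$CERT] is soon to expire ($seconds_to_expire seconds)"
    logger -p local6.warn "cert [$CERT] is soon to expire ($seconds_to_expire seconds)"
    # Linux
    echo "Check that letsencrypt is running?" | mail -r "FROM@THESERVER.com" -s "SSL certs expiring in less than 30 days" "TO@THEADMIN.com"
  fi
done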