Created
August 8, 2016 14:14
require 'date'
require 'net/https'
require 'openssl'
require 'pathname'
require 'time'
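# Reports how many days remain on the TLS certificate that each Let's Encrypt
# domain on this host is currently serving, and warns about the ones that are
# close to expiry.
class CertValidator
  # Directory in which certbot keeps one sub-directory per certificate.
  LIVE_DIR = Pathname.new('/etc/letsencrypt/live/')
  # A warning is printed when fewer than this many days remain.
  WARN_BELOW_DAYS = 10
  # Seconds to wait for a host before giving up on it.
  PROBE_TIMEOUT = 10
  # Failures that mean "this host could not be probed", as opposed to a bug.
  PROBE_ERRORS = [
    SocketError, SystemCallError, IOError, Timeout::Error, OpenSSL::SSL::SSLError
  ].freeze

  # Checks every domain returned by {domains}.
  def self.run
    domains.each { |domain| validate_certificate(domain) }
  end

  # Lists the names of the sub-directories of LIVE_DIR.
  #
  # NOTE(review): each directory name is used as a hostname as-is. A directory
  # whose name is not a resolvable hostname will be reported as "could not be
  # checked" -- confirm against the certbot layout on the host.
  #
  # @return [Array<String>]
  def self.domains
    LIVE_DIR.children.select(&:directory?).map { |dir| dir.basename.to_s }
  end

  # Prints the expiry warning for one domain.
  #
  # The zero-argument original read an undefined local `domain` and raised
  # NameError on every call, so the domain is now passed in.
  #
  # @param domain [String]
  def self.notify(domain)
    # TODO: actually notify someone when a domain can not be loaded
    puts "WARNING: #{domain} expires soon"
  end

  # Prints the days left on the certificate served by +domain+ and warns when
  # that number is below WARN_BELOW_DAYS.
  #
  # A host that cannot be reached is reported and skipped, so that one dead
  # domain does not hide the expiry state of all the domains after it.
  #
  # @param domain [String]
  def self.validate_certificate(domain)
    cert = fetch_certificate(domain)
    days = (cert.not_after.to_date - Date.today).to_i
    puts "#{domain} - expires in #{days} days"
    notify(domain) if days < WARN_BELOW_DAYS
  rescue *PROBE_ERRORS => e
    puts "WARNING: #{domain} could not be checked: #{e.class}: #{e.message}"
  end

  # Opens a TLS connection to +domain+ on port 443 and returns the certificate
  # the server presents. No HTTP request is sent.
  #
  # @param domain [String]
  # @return [OpenSSL::X509::Certificate]
  def self.fetch_certificate(domain)
    http = Net::HTTP.new(domain, 443)
    http.use_ssl = true
    # Chain verification is switched off on purpose: the probe has to be able
    # to read the expiry date of a certificate that is already expired or
    # otherwise invalid. The certificate is therefore unauthenticated: the
    # reported date is only as trustworthy as the network path to the host,
    # and this connection must never carry credentials or other data.
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    # Without a bound, one unresponsive host stalls the whole run.
    http.open_timeout = PROBE_TIMEOUT
    http.read_timeout = PROBE_TIMEOUT
    # The block's value is returned by #start, so no shared @cert is needed.
    http.start(&:peer_cert)
  end
end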
# Script entry point: check every Let's Encrypt domain found on this host.
CertValidator.run