@jfeilbach
Last active March 14, 2023 23:51
Check for TLS cert expiration
#!/bin/bash
# Check TLS certificate expiration dates for a list of domains.
SECONDS=0
RED='\033[0;31m'
WHITE='\033[1;37m'
CYAN='\033[0;36m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
list=''   # space-separated list of domains to check
days='7'  # warn when a cert expires in fewer than this many days
echo ""
echo -e "${CYAN}Checking domain TLS cert expiration dates...\n${NC}"
echo ""
for domain in $list; do
    echo -e "Checking domain: ${WHITE}${domain}${NC}"
    # Fetch the server certificate (SNI set with -servername) and extract the 'Not After' date
    out=$(echo | openssl s_client -showcerts -servername "${domain}" -connect "${domain}:443" 2>/dev/null | openssl x509 -inform pem -noout -text | grep 'Not After' | awk '{ print $4, $5, $7 }')
    # An empty date means no certificate was retrieved; 'date -d ""' would otherwise report today
    if [ -z "${out}" ]; then
        echo -e "${RED}Could not retrieve a certificate from ${domain}; skipping.${NC}\n"
        continue
    fi
    echo -e "Expires: ${YELLOW}${out}${NC}"
    # Compare the expiry date (epoch seconds) with now + ${days} days
    EXPDUR=$(($(date +%s) + (86400 * days)))
    EXPDAT=$(date -d "${out}" +"%s")
    HUMDATE=$(date -d "@${EXPDAT}")
    if [ "${EXPDUR}" -gt "${EXPDAT}" ]; then
        echo -e "\n${RED}*** WARNING TLS cert expires in less than ${days} days.\n*** The TLS cert for ${domain} will expire on ${HUMDATE}${NC}\n"
    fi
    # Second check: save the cert to a temporary PEM file and let openssl evaluate -checkend
    file="${domain}.pem"
    openssl s_client -showcerts -servername "${domain}" -connect "${domain}:443" </dev/null 2>/dev/null | openssl x509 -outform PEM > "${file}"
    if ! openssl x509 -checkend $(( 86400 * days )) -in "${file}" > /dev/null; then
        echo -e "${RED}==> Certificate ${domain} will expire in less than ${days} days... Please renew soon.${NC}"
        openssl x509 -enddate -in "${file}" -noout
    # else
    #     echo -e "${WHITE}${domain} is not expiring in less than ${days} days. All good.${NC}"
    fi
    rm "${file}"
    echo -e "===========================================================================\n"
done
# Format the elapsed run time (bash's SECONDS counter) as days/hours/minutes/seconds
displaytime () {
    local T=$SECONDS
    local D=$((T/60/60/24))
    local H=$((T/60/60%24))
    local M=$((T/60%60))
    local S=$((T%60))
    (( D > 0 )) && printf '%d days ' "$D"
    (( H > 0 )) && printf '%d hours ' "$H"
    (( M > 0 )) && printf '%d minutes ' "$M"
    (( D > 0 || H > 0 || M > 0 )) && printf 'and '
    printf '%d seconds\n' "$S"
}
echo ""
echo "Took $(displaytime) to complete ${0}."
exit 0
# To do
# Add email alert if expiring
# improve script so cert saving to file system is not needed

jfeilbach commented Nov 13, 2019

Requires ssmtp package to be installed on system
sudo apt install ssmtp

/etc/ssmtp/ssmtp.conf

root=username@gmail.com
mailhub=smtp.gmail.com:465
FromLineOverride=YES
AuthUser=username@gmail.com
AuthPass=super_secret_password
UseTLS=YES

echo "Testing...1...2...3" | ssmtp -F "Sender full name" -f "from full name" username@gmail.com

{
    echo To: my_email@domain.com
    echo From: from_email@example.com
    echo Subject: mov files greater than 1M
    echo
    find /path/to/folder/ -type f -size +1M -name "*.mov"
} | ssmtp my_email@domain.com
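
The script's two to-do items (no certificate file on disk, an e-mail alert) combined with the header-block message format used for ssmtp above, as an added example that is not part of the original gist. The function names, example.com and admin@example.com are placeholders, and GNU date is assumed.

```shell
# Added example (not from the gist): expiry check with no temporary .pem file,
# plus an alert message in the form ssmtp reads on stdin.

# Print the notAfter value (e.g. "Mar 14 23:51:00 2023 GMT") of the cert served by host $1.
# The PEM goes straight from s_client into x509 through a pipe; nothing is written to disk.
cert_not_after() {
    local host="$1" port="${2:-443}"
    openssl s_client -servername "$host" -connect "$host:$port" </dev/null 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null | sed 's/^notAfter=//'
}

# Whole days between epoch $2 (default: now) and the notAfter string $1.
# Zero or negative means the cert expires within a day or has already expired.
days_left() {
    local end now="${2:-$(date +%s)}"
    end=$(date -u -d "$1" +%s) || return 1
    echo $(( (end - now) / 86400 ))
}

# Emit headers, a blank line and a body, ready to pipe into ssmtp.
build_alert() {
    local domain="$1" not_after="$2" left="$3" to="$4"
    printf 'To: %s\nSubject: TLS cert for %s expires in %s days\n\n' "$to" "$domain" "$left"
    printf 'Certificate for %s: notAfter=%s\n' "$domain" "$not_after"
}

# Return 0 if the cert is valid for at least $2 more days, 1 (alert on stdout)
# if it is not, and 2 if no certificate or date could be obtained.
check_domain() {
    local domain="$1" days="$2" to="$3" na left
    na=$(cert_not_after "$domain")
    [ -n "$na" ] || { echo "no certificate retrieved from $domain" >&2; return 2; }
    left=$(days_left "$na") || return 2
    [ "$left" -ge "$days" ] && return 0
    build_alert "$domain" "$na" "$left" "$to"
    return 1
}

# Usage (placeholder names):
#   msg=$(check_domain example.com 7 admin@example.com)
#   [ $? -eq 1 ] && printf '%s\n' "$msg" | ssmtp admin@example.com
```

Exit status 2 keeps a failed connection from being mistaken for either a healthy or an expiring certificate.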
