timdp/list-cloudflare-zone-ssl-tokens.sh

## list-cloudflare-zone-ssl-tokens.sh
#!/bin/bash

set -euo pipefail

curl \
    --silent \
    "https://api.cloudflare.com/client/v4/zones" \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
    -H "Content-Type: application/json" |
  jq -r '
    .result[] |
    select(.type == "partial") |
    [.id, .name] |
    join(" ")
  ' |
  while read zone_id zone_name; do
    echo "$zone_name [$zone_id]"
    echo
    curl \
      --silent \
      "https://api.cloudflare.com/client/v4/zones/$zone_id/ssl/verification" \
      -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
      -H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
      -H "Content-Type: application/json" |
    jq -r '
      .result[] |
      select(.verification_type == "cname") |
      [
        .verification_info.record_name,
        .verification_info.record_target,
        .certificate_status
      ] |
      join(" ")
    ' |
    while read record_name record_target cert_status; do
      record_target=${record_target,,}.
      if [[ -z $cert_status ]]; then
        cert_status=unknown
      fi
      dns_response=$( dig +short CNAME $record_name | head -1 )
      if [[ $dns_response == $record_target ]]; then
        dns_status=present
      else
        dns_status=missing
      fi
      echo "  - $record_name"
      echo "      CNAME"
      echo "      $record_target"
      echo "    Certificate: $cert_status"
      echo "    DNS record:  $dns_status"
      echo
    done
    echo
  done
	#!/bin/bash

	set -euo pipefail

	curl \
	--silent \
	"https://api.cloudflare.com/client/v4/zones" \
	-H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
	-H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
	-H "Content-Type: application/json" \|
	jq -r '
	.result[] \|
	select(.type == "partial") \|
	[.id, .name] \|
	join(" ")
	' \|
	while read zone_id zone_name; do
	echo "$zone_name [$zone_id]"
	echo
	curl \
	--silent \
	"https://api.cloudflare.com/client/v4/zones/$zone_id/ssl/verification" \
	-H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
	-H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
	-H "Content-Type: application/json" \|
	jq -r '
	.result[] \|
	select(.verification_type == "cname") \|
	[
	.verification_info.record_name,
	.verification_info.record_target,
	.certificate_status
	] \|
	join(" ")
	' \|
	while read record_name record_target cert_status; do
	record_target=${record_target,,}.
	if [[ -z $cert_status ]]; then
	cert_status=unknown
	fi
	dns_response=$( dig +short CNAME $record_name \| head -1 )
	if [[ $dns_response == $record_target ]]; then
	dns_status=present
	else
	dns_status=missing
	fi
	echo " - $record_name"
	echo " CNAME"
	echo " $record_target"
	echo " Certificate: $cert_status"
	echo " DNS record: $dns_status"
	echo
	done
	echo
	done