Skip to content

Instantly share code, notes, and snippets.

@zakthan
Forked from cgmartin/check-certs.sh
Last active February 5, 2021 10:09
Show Gist options
  • Save zakthan/b28c8819f699770cc1a802fea02b8c23 to your computer and use it in GitHub Desktop.
Save zakthan/b28c8819f699770cc1a802fea02b8c23 to your computer and use it in GitHub Desktop.
Bash SSL Certificate Expiration Check
#!/bin/bash
TARGETS="www.google.com www.cnn.com";
RECIPIENT="aaa@gmail.com";
DAYS=7;
for TARGET in $TARGETS
do
echo "checking if $TARGET expires in less than $DAYS days";
expirationdate=$(date -d "$(: | openssl s_client -connect $TARGET:443 -servername $TARGET -4 2>/dev/null \
| openssl x509 -text \
| grep 'Not After' \
|awk '{print $4,$5,$7}')" '+%s');
in7days=$(($(date +%s) + (86400*$DAYS)));
if [ $in7days -gt $expirationdate ]; then
echo "KO - Certificate for $TARGET expires in less than $DAYS days, on $(date -d @$expirationdate '+%Y-%m-%d')"
##echo "KO - Certificate for $TARGET expires in less than $DAYS days, on $(date -d @$expirationdate '+%Y-%m-%d')" \
##| mail -s "Certificate expiration warning for $TARGET" $RECIPIENT ;
else
echo "OK - Certificate expires on $(printf '%(%F %T)T\n' $expirationdate)"
fi
done
@zakthan
Copy link
Author

zakthan commented Feb 5, 2021

changes:

  • openssl uses ipv4 only
  • while loop to add multiple target check
  • print date in human readable format if cert is ok

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment