User Name
Password
AppleNova Forums » Feedback »

SSL expiring soon... again...


Register Members List Calendar Search FAQ Posting Guidelines
SSL expiring soon... again...
Thread Tools
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2022-08-11, 10:34

Code:
Check SSL (forums.applenova.com) (Zabbix server:system.run[/etc/zabbix/externalscripts/checkssl.sh forums.applenova.com]): 15
So I have a script running that feeds my zabbix monitoring to let me know when the cert is going to expire since LE seems to have stopped emailing us for these dates approaching.

Code:
# cat /etc/zabbix/externalscripts/checkssl.sh #!/bin/bash data=`echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -enddate | sed -e 's#notAfter=##'` ssldate=`date -d "${data}" '+%s'` nowdate=`date '+%s'` diff="$((${ssldate}-${nowdate}))" echo $((${diff}/86400))
If you want to make this something that just emails you from your server you can instead use this one:
Code:
$ cat testemail.sh #################### #!/bin/bash # # Check certs and email when renewal needed # data=`echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -enddate | sed -e 's#notAfter=##'` ssldate=`date -j -f "%b %d %T %Y %Z" "${data}" '+%s'` nowdate=`date '+%s'` diff="$((${ssldate}-${nowdate}))" daysleft=$((${diff}/86400)) #echo $daysleft echo "$1 SSL Certificate expires in $daysleft! Take action to renew it now!" | mail -s "URGENT: $1 SSL Certificate expiring soon" brad@bradsdomain.com

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2022-08-11, 10:40

Of course, if I weren't running this through the monitoring server I would have to if/then to not email under 15 days.
  quote
drewprops
Space Pirate
 
Join Date: May 2004
Location: Atlanta
 
2023-11-21, 12:06

Well it's SSL season or something again... I wish I could go to school on this stuff but GADS is it complicated.


...
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2023-11-21, 13:20

SSLs aren't bad really. It does depend on your host as to how "easy" it is though. If your host uses cPanel, it will do all of the SSLs for you automatically for free. If it is something like this server then it is a script at this point.

Something like acme.sh is the "easy button" for SSLs and Lets Encrypt nowadays.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
chucker
 
Join Date: May 2004
Location: near Bremen, Germany
Send a message via ICQ to chucker Send a message via AIM to chucker Send a message via MSN to chucker Send a message via Yahoo to chucker Send a message via Skype™ to chucker 
2023-11-21, 15:27

It's running LE, so I imagine there is (supposed to be) an auto-refresh; it just didn't fire for some reason.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2023-11-21, 15:29

Brad specifically doesn't allow auto-renewal on AN's SSL. He has said it is his deadman's switch. We know he died if the SSL expires.
  quote
drewprops
Space Pirate
 
Join Date: May 2004
Location: Atlanta
 
2023-11-21, 19:20

I replied to this thread earlier today because Safari threw up a warning page when I came here.


...
  quote
Posting Rules Navigation
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Post Reply

Forum Jump
Thread Tools
Similar Threads
Thread Thread Starter Forum Replies Last Post
Powerbook 12" optical drive dead, won't accept discs! urgent applecare expiring soon! stevegong Genius Bar 6 2006-08-15 20:22


« Previous Thread | Next Thread »

All times are GMT -5. The time now is 03:02.


Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004 - 2024, AppleNova