Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
Code:
Check SSL (forums.applenova.com) (Zabbix server:system.run[/etc/zabbix/externalscripts/checkssl.sh forums.applenova.com]): 15 So I have a script running that feeds my zabbix monitoring to let me know when the cert is going to expire since LE seems to have stopped emailing us for these dates approaching. Code:
# cat /etc/zabbix/externalscripts/checkssl.sh
#!/bin/bash
data=`echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -enddate | sed -e 's#notAfter=##'`
ssldate=`date -d "${data}" '+%s'`
nowdate=`date '+%s'`
diff="$((${ssldate}-${nowdate}))"
echo $((${diff}/86400)) If you want to make this something that just emails you from your server you can instead use this one:Code:
$ cat testemail.sh
####################
#!/bin/bash
#
# Check certs and email when renewal needed
#
data=`echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -enddate | sed -e 's#notAfter=##'`
ssldate=`date -j -f "%b %d %T %Y %Z" "${data}" '+%s'`
nowdate=`date '+%s'`
diff="$((${ssldate}-${nowdate}))"
daysleft=$((${diff}/86400))
#echo $daysleft
echo "$1 SSL Certificate expires in $daysleft! Take action to renew it now!" | mail -s "URGENT: $1 SSL Certificate expiring soon" brad@bradsdomain.com Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.” Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it. |
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
Of course, if I weren't running this through the monitoring server I would have to if/then to not email under 15 days.
|
quote |
Space Pirate
Join Date: May 2004
Location: Atlanta
|
Well it's SSL season or something again... I wish I could go to school on this stuff but GADS is it complicated.
... |
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
SSLs aren't bad really. It does depend on your host as to how "easy" it is though. If your host uses cPanel, it will do all of the SSLs for you automatically for free. If it is something like this server then it is a script at this point.
Something like acme.sh is the "easy button" for SSLs and Lets Encrypt nowadays. Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.” Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it. |
quote |
‽
|
It's running LE, so I imagine there is (supposed to be) an auto-refresh; it just didn't fire for some reason.
|
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
Brad specifically doesn't allow auto-renewal on AN's SSL. He has said it is his deadman's switch. We know he died if the SSL expires.
|
quote |
Space Pirate
Join Date: May 2004
Location: Atlanta
|
I replied to this thread earlier today because Safari threw up a warning page when I came here.
... |
quote |
Posting Rules | Navigation |
|
Thread Tools | |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Powerbook 12" optical drive dead, won't accept discs! urgent applecare expiring soon! | stevegong | Genius Bar | 6 | 2006-08-15 20:22 |