Automatic monitoring of the SSL certificate expiration date
This is not really about database administration, but one of the problems I often face is monitoring of the expiration of SSL certificates on my clients’ web servers. It usually takes some time to renew a certificate, and it helps to know in advance that I need to get the process started.Here’s a little script that checks the certificate on a given web server and sends a reminder if it is about to expire:
#!/bin/bash# checks the ssl certificate expiration date of a given host
# Usage: ./checksslcert.sh <hostname> [<port>]
# Port defaults to 443 if not specified
test -z "$1" && echo "Usage: $0 <hostname> [<port>]" && exit 0
tempstr=$(openssl s_client -connect $1:${2:-443} 2>/dev/null >$0.log)
test $? -gt 0 && echo "Error accessing SSL certificate on $1" && exit 1
exptime=$(date -d"${tempstr#*=}" +"%s")
expdays=$(((${exptime} - $(date +"%s"))/84400))
echo "SSL certificate on $1 expires in $expdays days"
test $expdays -lt 45 && echo "Do something!" | mailx -s "SSL certificate on $1 expires in $expdays days" admin@domain.com
Run it daily by cron and you will never miss the expiration date again. The script needs the GNU date utility and openssl to be installed. It has been tested under bash, but you can easily modify it to run under other shells.