Tue 9 Mar 2010
Maybe you have a ton of SSL certs you’ve purchased from different vendors and you’d like warning when they’ll expire.
http://prefetch.net/articles/checkcertificate.html has a free bash script that will check the certs for you and notify you when you need to renew.
first, run this to get the list of SSL sites on your apache2 server:
grep 443 /etc/apache2/sites-enabled/*.conf |grep ServerName|awk '{print $3 }'|uniq|perl -p -e 's/:/ /g'|sort|perl -p -e 's/\r//g'>currentssls.txt
then run the script to check each of those sites (as listed in the currentssls.txt file)
# ./ssl-cert-check -f currentssls.txt|sort -nk6|sed '/^$/d'|sed 1d Host Status Expires Days www.example1.com:443 Valid Apr 16 2010 38 www.example2.com:443 Valid May 10 2010 62 www.example3.com:443 Valid May 14 2010 66
and now let’s add it to cron, instructing the script to send out an email 30 days before expiration:
# crontab -l
10 10 * * * grep 443 /etc/apache2/sites-enabled/*.conf |grep ServerName|awk '{print $3 }'|uniq|perl -p -e 's/:/ /g'|sort|perl -p -e 's/\r//g'>currentssls.txt
30 10 * * * ~/ssl-cert-check -a -f ~/currentssls.txt -q -x 30 -e you@example.com