-
Notifications
You must be signed in to change notification settings - Fork 1
/
check_ssl.sh
executable file
·50 lines (35 loc) · 1.12 KB
/
check_ssl.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#!/bin/bash
#
# Checks expirations of SSL certificates. Tested for LE certificates
# $1 - domain name which is going to be checked
SRVNAME="$1"
#NAGIOS return values
NAGIOS_OK="0"
NAGIOS_WARNING="1"
NAGIOS_CRITICAL="2"
NAGIOS_UNKNOWN="3"
NOT_AFTER=$(echo | openssl s_client -showcerts -servername $SRVNAME -connect $SRVNAME:443 2>/dev/null | openssl x509 -inform pem -noout -enddate | sed -e 's#notAfter=##')
NOT_AFTER_SEC=`date -d "${NOT_AFTER}" '+%s'`
NOT_AFTER_DATE=`date -d @$NOT_AFTER_SEC`
#expire intervals in seconds
WARNING_SEC="432000"
CRITICAL_SEC="172800"
WRNSEC=$(($NOT_AFTER_SEC - $WARNING_SEC))
CRITSEC=$(($NOT_AFTER_SEC - $CRITICAL_SEC))
#echo $WRNSEC
#echo $CRITICAL_SEC
#seconds since 1970-01-01 00:00:00 UTC
SECONDS_NOW=`date +%s`
if [ "$SECONDS_NOW" -gt "$CRITSEC" ] ; then
echo "CRITICAL - Certificate expires very soon! FIX ASAP!"
exit $NAGIOS_CRITICAL
elif [ "$SECONDS_NOW" -gt "$WRNSEC" ] ; then
echo "WARNING - Five days to certificate expiration"
exit $NAGIOS_WARNING
else
echo "OK, cert expires on $NOT_AFTER_DATE"
exit $NAGIOS_OK
fi
#exit $NAGIOS_OK
# SEC to DATE:
#date -d @1556087733