Once again I missed the expiry date of one of the SSL certificates on my server. Therefore I am now using a cronjob to warn me early enough that a certificate is about to expire.
This is the script
/usr/local/bin/ssl-cert-check which checks the expiry date of the certificate files passed as arguments:
#!/bin/bash DAYS=30 for file in "$@"; do openssl x509 -checkend $(( 86400 * $DAYS )) -in "$file" > /dev/null if [ $? != 0 ]; then echo "==> Certificate $file is about to expire soon:" openssl x509 -enddate -in "$file" -noout fi done
And the corresponding cronjob entry checking SSL certificates once a day:
MAILTO=root 6 6 * * * nobody /usr/local/bin/ssl-cert-check /etc/apache2/ssl/*.crt /etc/ssl/certs/dovecot.pem
Thanks. This really helpful. I apply this on F5 load balancer device.
There is also an updated and way more advanced version of this script. Check the follow-up blog post!
Pingback: Let’s Encrypt SSL certificate expiry reminder | hibern8