andre/scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

check_sslcerts/checksslcerts.sh aktualisiert

Browse Source
This commit is contained in:
andre
2025-05-28 10:42:26 +02:00
parent 381897a016
commit 909ed6cf34
1 changed files with 44 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
check_sslcerts/checksslcerts.sh
View File

@@ -1,8 +1,10 @@
#!/bin/bash #!/bin/bash
## crontab ## crontab
## 0 5 * * * bash /data/scripts/sslcerts/checksslcerts.sh 2>&1 > /tmp/checksslcert.log ## 0 4 * * * bash /data/scripts/sslcerts/create_sites.sh > /data/scripts/sslcerts/sites.txt
## 0 5 * * * bash /data/scripts/sslcerts/checksslcerts.sh 2>&1 > /tmp/checksslcert.log
#!/bin/bash
sites=$(cat /data/scripts/sslcerts/sites.txt) sites=$(cat /data/scripts/sslcerts/sites.txt)
@@ -10,49 +12,52 @@ export SITE_SSL_PORT="443"
for site in `echo $sites` for site in `echo $sites`
do do
export SITE_URL=$site export SITE_URL=$site
notAfter=$(/usr/bin/openssl s_client -connect ${SITE_URL}:${SITE_SSL_PORT} \ notAfter=$(/usr/bin/openssl s_client -connect ${SITE_URL}:${SITE_SSL_PORT} \
-servername ${SITE_URL} 2> /dev/null | /usr/bin/openssl x509 -noout -dates | grep notAfter) -servername ${SITE_URL} 2> /dev/null | /usr/bin/openssl x509 -noout -dates | grep notAfter)
not_after=$(echo "$notAfter" | cut -d= -f2-) not_after=$(echo "$notAfter" | cut -d= -f2-)
now_ts=$(date +%s) now_ts=$(date +%s)
expiry_ts=$(date -d "$not_after" +%s) expiry_ts=$(date -d "$not_after" +%s)
diff_sec=$((expiry_ts - now_ts)) diff_sec=$((expiry_ts - now_ts))
diff_days=$((diff_sec / 86400)) diff_days=$((diff_sec / 86400))
if [ "$diff_days" -lt 14 ] if [ "$not_after" != "" ]
then then
echo "send warning für $site ($diff_days)" if [ "$diff_days" -lt 14 ]
url="https://msg.rproxy.conet-services.de/message.php" then
# JSON-Daten für den POST-Request echo "send warning für $site ($diff_days)"
json_data=$(cat <<EOF url="https://msg.rproxy.conet-services.de/message.php"
{ # JSON-Daten für den POST-Request
"msg": "Certificate for $site is about to expire in $diff_days day(s)", json_data=$(cat <<EOF
"subject": "Certificate expiration warning", {
"x_conet_src": "conetadm@conlxscript1:/data/scripts/sslcerts/checksslcerts.sh", "msg": "Certificate for $site is about to expire in $diff_days day(s)",
"from_descr": "CONET Monitoring", "subject": "Certificate expiration warning",
"from_email": "noreply@conet-services.de", "x_conet_src": "conetadm@conlxscript1:/data/scripts/sslcerts/checksslcerts.sh",
"to_email": "help@conet.de", "from_descr": "CONET Monitoring",
"reply_mail": "support-con@tasks.conet.de" "from_email": "noreply@conet-services.de",
} "to_email": "help@conet.de",
"reply_mail": "support-con@tasks.conet.de"
}
EOF EOF
) )
# Senden der POST-Anfrage mit curl # Senden der POST-Anfrage mit curl
response=$(curl -s -X POST $url \ response=$(curl -s -X POST $url \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-d "$json_data" -d "$json_data"
) )
fi fi
printf "%02d days" "$diff_days"
echo -n "@"
printf "%30s" "$not_after"
echo -n ":"
printf "%40s\n" "$site"
echo "delete from sslcerts where cn='$site'" | /usr/bin/mysql -u conetadm -p'Conet12#' -Dscripts
echo "INSERT INTO sslcerts (expiration, datestring, cn) VALUES ('$diff_days', '$not_after', '$site') ON DUPLICATE KEY UPDATE cn = VALUES(cn);" | /usr/bin/mysql -u conetadm -p'Conet12#' -Dscripts
printf "%02d days" "$diff_days"
echo -n "@"
printf "%30s" "$not_after"
echo -n ":"
printf "%40s\n" "$site"
echo "delete from sslcerts where cn='$site'" | /usr/bin/mysql -u conetadm -p'Conet12#' -Dscripts
echo "INSERT INTO sslcerts (expiration, datestring, cn) VALUES ('$diff_days', '$not_after', '$site') ON DUPLICATE KEY UPDATE cn = VALUES(cn);" | /usr/bin/mysql -u conetadm -p'Conet12#' -Dscripts
else
echo "cannot get certificate from $site"
fi
done done