#!/bin/bash

## crontab
##   0    5  *   *   *     bash /data/scripts/sslcerts/checksslcerts.sh 2>&1 > /tmp/checksslcert.log


sites=$(cat /data/scripts/sslcerts/sites.txt)

export SITE_SSL_PORT="443"

for site in `echo $sites`
do
 export SITE_URL=$site
 
 notAfter=$(/usr/bin/openssl s_client -connect ${SITE_URL}:${SITE_SSL_PORT} \
  -servername ${SITE_URL} 2> /dev/null | /usr/bin/openssl x509 -noout  -dates | grep notAfter)
 
 not_after=$(echo "$notAfter" | cut -d= -f2-)
 
 now_ts=$(date +%s)
 expiry_ts=$(date -d "$not_after" +%s)
 diff_sec=$((expiry_ts - now_ts))
 diff_days=$((diff_sec / 86400))

 if [ "$diff_days" -lt 14 ]
 then
  echo "send warning für $site ($diff_days)"
  url="https://msg.rproxy.conet-services.de/message.php"
  # JSON-Daten für den POST-Request
  json_data=$(cat <<EOF
{
     "msg": "Certificate for $site is about to expire in $diff_days day(s)",
     "subject": "Certificate expiration warning",
     "x_conet_src": "conetadm@conlxscript1:/data/scripts/sslcerts/checksslcerts.sh",
     "from_descr": "CONET Monitoring",
     "from_email": "noreply@conet-services.de",
     "to_email": "help@conet.de",
     "reply_mail": "support-con@tasks.conet.de"
}
EOF
) 
  # Senden der POST-Anfrage mit curl
  response=$(curl -s -X POST $url \
                     -H "Content-Type: application/json" \
                     -d "$json_data"
            )
 fi
 
 printf "%02d days" "$diff_days"
 echo -n "@"
 printf "%30s" "$not_after"
 echo -n ":"
 printf "%40s\n" "$site"
 echo "delete from sslcerts where cn='$site'" | /usr/bin/mysql -u conetadm -p'Conet12#' -Dscripts
 echo "INSERT INTO sslcerts (expiration, datestring, cn) VALUES ('$diff_days', '$not_after', '$site') ON DUPLICATE KEY UPDATE cn = VALUES(cn);" | /usr/bin/mysql -u conetadm -p'Conet12#' -Dscripts

 
done