Get SSL Expiration Alerts with AWS Lambda and CloudWatch(serverlesscode.com) |
Get SSL Expiration Alerts with AWS Lambda and CloudWatch(serverlesscode.com) |
TARGET="mysite.example.net"; \
RECIPIENT="hostmaster@mysite.example.net"; \
DAYS=7; \
echo "checking if $TARGET expires in less than $DAYS days"; \
expirationdate=$(date -d "$(: | openssl s_client -connect $TARGET:443 -servername $TARGET 2>/dev/null \
| openssl x509 -text \
| grep 'Not After' \
|awk '{print $4,$5,$7}')" '+%s'); \
in7days=$(($(date +%s) + (86400*$DAYS))); \
if [ $in7days -gt $expirationdate ]; then \
echo "KO - Certificate for $TARGET expires in less than $DAYS days, on $(date -d @$expirationdate '+%Y-%m-%d')" \
| mail -s "Certificate expiration warning for $TARGET" $RECIPIENT ; \
else \
echo "OK - Certificate expires on $expirationdate"; \
fi; [
{
"ServerCertificateMetadataList": [
{
"ServerCertificateId": "REDACTED",
"ServerCertificateName": "ALSO-REDACTED",
"Expiration": "2016-11-10T23:56:37Z",
"Path": "/",
"Arn": "MORE-REDACTION",
"UploadDate": "2015-11-11T23:56:43Z"
},
...
Why?Nice write up. But a bit over kill for something that you can solve with a calendar item. ...Doesn't actually have to be on google though ;)
I would love just a simple iPhone app where I can list my domains and get push notices at 30 or 7 days from expiration. Maybe I should make this myself because I've yet to find one.
/usr/lib/nagios/plugins/check_http --ssl -C 14 -H '$HOSTADDRESS$' -I '$HOSTADDRESS$'