证书会经常面临过期而没有及时续费的情况,写个脚本提醒一下自己吧:
crontab -l
0 8 * * * /usr/local/bin/check_ssl.sh www.ddky.com
check_ssl.sh的内容:
1#!/bin/bash
2# Print the number of days till certificate expiration
3#
4# Example:
5# $ check_cert.sh sleeplessbeastie.eu
6# 81
7# $ check_cert.sh lwn.net
8# 630
9#
10# Exit codes:
11# 0 - certificate is not expired
12# 1 - certificate is expired
13# 254 - certificate is empty
14# 255 - DNS resolution failed
15#
16
17# temporary file to store certificate
18certificate_file=$(mktemp)
19
20# delete temporary file on exit
21trap "unlink $certificate_file" EXIT
22
23if [ "$#" -eq "1" ]; then
24 website="$1"
25 host "$website" >&-
26 if [ "$?" -eq "0" ]; then
27 echo -n | openssl s_client -servername "$website" -connect "$website":443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $certificate_file
28 certificate_size=$(stat -c "%s" $certificate_file)
29 if [ "$certificate_size" -gt "1" ]; then
30 date=$(openssl x509 -in $certificate_file -enddate -noout | sed "s/.*=\(.*\)/\1/")
31 date_s=$(date -d "${date}" +%s)
32 now_s=$(date -d now +%s)
33 date_diff=$(( (date_s - now_s) / 86400 ))
34 echo "$date_diff"
35 if [ "$date_diff" -le 37 ]; then
36 /usr/local/bin/mailsend -q -to "zhangranrui@ddky.com" -from monit@ddky.com -ssl -port 465 -auth -auth-plan -smtp smtp.exmail.qq.com -sub "证书就要到期了" -v -user "monit@ddky.com" -pass "xxxxxxxx" -cs "utf-8" -enc-type "base64" -M "$website 还有 $date_diff 天就要到期了!!!"
37 fi
38 if [ "$date_s" -gt "$now_s" ]; then
39 exit 0 # ok
40 else
41 exit 1 # not ok
42 fi
43 else
44 exit 254
45 fi
46 else
47 exit 255
48 fi
49fi
