1st commit

-urls_check.sh check status code and certificate validity for a list of domains (urls_list.txt)

-validity.sh only check certificate validity for an array of domains

-both send notification if certificate is outdated.
2024-11-01 12:15:47 +01:00
commit e23249c733
3 changed files with 520 additions and 0 deletions

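--- a/validity.sh
+++ b/validity.sh
@@ -0,0 +1,163 @@
+#!/usr/bin/env bash
+# Check SSL certificates for key domains
+#
+# Run: ./validity.sh
+VERSION="v0.9"
+red="\033[1;31m"
+greenbold="\033[1;32m"
+green="\033[0;32m"
+yellow="\033[0;33m"
+yellowbold="\033[1;33m"
+bold="\033[1m"
+italic="\033[3m"
+#bold_under="\033[1;4m"
+underline="\033[4m"
+reset="\033[0m"
+#echo | openssl s_client -servername maboiteverte.fr -connect maboiteverte.fr:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates
+#export PATH="/usr/local/bin:$PATH"
+# run by cron $PATH=/usr/bin:/bin
+#command -v showcert >/dev/null 2>&1 || { echo -e "${bold}showcert${reset} is not installed ${italic}(pip install showcert)${reset}. Aborting..." >&2; exit 1; }
+curl -Is https://www.apple.com | head -1 | grep 200 1>/dev/null
+if [ $? -eq 1 ]; then
+echo -e "\n${red}No Internet connection !${reset}"
+echo -e "Exit !"
+exit 1
+fi
+hosts=("maboiteverte.fr" "sur-le-sentier.fr" "photos-nas.ovh" "clicclac.info")
+#hosts=("maboiteverte.fr")
+port=443
+# Days left before notification
+nday=15
+# Choose the notification
+notif="pushover"
+dotenv () {
+set -a
+# shellcheck disable=SC1091
+[ -f "$HOME/.env" ] && . "$HOME/.env" || echo -e "${red}\nNo .env file found ! No token for gotify.${reset}"
+set +a
+}
+dotenv
+send_gotify_notification() {
+# Enabled HSTS & created default WebSocket records in the DSM 7.2 reverse proxy window and it solved itself.
+now=$(date +"%d-%m-%Y %T")
+gotify_server="https://gotify.maboiteverte.fr"
+gotify_token="$GOTIFY_BASH"
+TITLE="$1"
+MESSAGE="**A new version of Pi-hole is available:**\n\n $msg_md\n\n $infos\n\n Please run *pihole -up* on $host to update !"
+PRIORITY=8
+URL="$gotify_server/message?token=$gotify_token&?format=markdown"
+echo -e "Sending notification to $gotify_server ..."
+# -S, --show-error Show error even when -s is used
+# -s, --silent Silent mode
+# -v Verbose
+curl -s -S --output /dev/null --data '{"message": "'"${MESSAGE}"'", "title": "'"${TITLE}"'", "priority":'"${PRIORITY}"', "extras": {"client::display": {"contentType": "text/markdown"}}}' -H 'Content-Type: application/json' "$URL"
+[ $? -eq 0 ] && echo -e "${greenbold}Gotify notification sent successfully !${reset}" || echo -e "${redbold}error sending Gotify notification !${reset}"
+}
+send_pushover_notification() {
+echo -e "Sending Pushover notification ..."
+curl -S -s -o /dev/null -F "token=$BASH_APP" \
+-F "user=$USER_KEY" \
+-F "title=$1" \
+-F priority=2 \
+-F html=1 \
+-F retry=60 \
+-F expire=86400 \
+-F "message=$2" https://api.pushover.net/1/messages.json
+[ $? -eq 0 ] && echo -e "${greenbold}Pushover notification sent successfully !${reset}" || echo -e "${redbold}error sending Pushover notification !${reset}"
+}
+for host in "${hosts[@]}"; do
+if command -v showcertif >/dev/null 2>&1; then
+cert=$(showcert $host)
+ip=$(echo "$cert" | grep IP | awk -F": " '{print $2}')
+names=$(echo "$cert" | grep Names | awk -F": " '{print $2}')
+issuer=$(echo "$cert" | grep Issuer | awk -F": " '{print $2}')
+start=$(echo "$cert" | grep Before | awk -F": " '{print $2}')
+end=$(echo "$cert" | grep notAfter | awk -F": " '{print $2}')
+left=$(echo "$end" | awk -F" " '{split($3, arr, "[()]"); print arr[2]}')
+# maboiteverte.fr
+# IP: 212.227.191.167
+# Names: *.maboiteverte.fr maboiteverte.fr
+# notBefore: 2024-01-08 00:00:00 (298 days old)
+# notAfter: 2025-01-27 23:59:59 (87 days left)
+# Issuer: C=US O=DigiCert Inc OU=www.digicert.com CN=Encryption Everywhere DV TLS CA - G2
+# Tags: [CHAIN-VERIFIED]
+h="$host ($ip)"
+n="Names: $names"
+i="Issuer: $issuer"
+s="Date début: $start"
+e="Date fin: $end"
+else
+cert=`echo |
+openssl s_client -connect $host:$port 2>/dev/null |
+openssl x509 -issuer -subject -dates -noout`
+issuer=$(echo "$cert" | grep issuer | awk -F"issuer=" '{print $2}')
+subject=$(echo "$cert" | grep subject | awk -F"subject=" '{print $2}')
+start=$(echo "$cert" | grep Before | awk -F"=" '{print $2}')
+end=$(echo "$cert" | grep notAfter | awk -F"=" '{print $2}')
+timestamp_current=$(date +"%s")
+timestamp_end=$(date --date="$end" +"%s")
+left=$(($((timestamp_end - timestamp_current))/(60*60*24)))
+end="$end ($left days left)"
+ip=$(dig +short $host)
+# issuer=C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G2
+# subject=CN=*.maboiteverte.fr
+# notBefore=Jan 8 00:00:00 2024 GMT
+# notAfter=Jan 27 23:59:59 2025 GMT
+h="$host ($ip)"
+n="Subject: $subject"
+i="Issuer: $issuer"
+s="Date début: $start"
+e="Date fin: $end"
+fi
+echo -e "${bold}$h${reset}"
+echo -e "$n"
+echo -e "$i"
+echo -e "$s"
+if [ $left -lt $nday ]; then
+echo -e "${red}$e${reset}"
+# Run by cron
+if [ "$notif" == "gotify" ];then
+msg_md="**$h**\n\n $n\n\n $i\n\n $s\n\n $e"
+send_gotify_notification "$host certificat will expire in $left day !" "$msg_md"
+elif [ "$notif" == "pushover" ];then
+msg_html="$h<br />$n<br />$i<br />$s<br />$e"
+send_pushover_notification "$host certificat will expire in $left day !" "$msg_html"
+#pushover -a "bash" -m "A new version of Pi-hole is available: <br /> $msg_html <br /> $infos_html <br /> Please run <b>pihole -up</b> on $host to update" -p 2 -f 1
+fi
+else
+echo -e "${green}$e${reset}"
+fi
+echo -e "\n"
+sleep 1
+done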
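Review bot: The alerting path can fail without anyone noticing, which is the main risk in an expiry monitor. Both `send_pushover_notification` and `send_gotify_notification` call curl without `--fail`, so an HTTP 4xx/5xx (a rejected token, for instance) still exits 0 and prints "sent successfully", and their error branch uses `${redbold}`, which is not defined among the colour variables. In the loop, `[ $left -lt $nday ]` is unquoted and unvalidated, so an empty or non-numeric `$left` makes the test error out and the host is reported in green; `command -v showcertif` also looks like a typo for `showcert`, which would leave that branch unused. `-F` gives a leading `@` or `<` in a value a file-reading meaning, so `--form-string` is the safer way to send title and message text that includes certificate fields. The sketch below covers the Pushover sender and the guard; the Gotify sender needs the same `--fail` and would be better building its JSON with an encoder than by string concatenation.

```shell
send_pushover_notification() {
  echo -e "Sending Pushover notification ..."
  # --fail turns HTTP errors into a non-zero exit; --form-string sends values literally
  if curl -S -s --fail -o /dev/null \
    --form-string "token=$BASH_APP" --form-string "user=$USER_KEY" \
    --form-string "title=$1" --form-string "message=$2" \
    -F priority=2 -F html=1 -F retry=60 -F expire=86400 \
    https://api.pushover.net/1/messages.json; then
    echo -e "${greenbold}Pushover notification sent successfully !${reset}"
  else
    echo -e "${red}error sending Pushover notification !${reset}" >&2
  fi
}

# … unchanged: certificate retrieval and field extraction in the for loop …
  # No usable expiry value is a failure, not a healthy certificate
  if ! [[ "$left" =~ ^-?[0-9]+$ ]]; then
    echo -e "${red}$host: could not read certificate expiry${reset}" >&2
    continue
  fi
  if [ "$left" -lt "$nday" ]; then
```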