shell/certificate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
certificate/validity.sh
Bruno21 54b127e809 bugfix
2025-03-25 07:56:29 +01:00

187 lines
5.7 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
# Check SSL certificates for key domains
#
# Run: ./validity.sh
VERSION="v1.0"
redbold="\033[1;31m"
red="\033[10;31m"
greenbold="\033[1;32m"
green="\033[0;32m"
yellow="\033[0;33m"
yellowbold="\033[1;33m"
bold="\033[1m"
italic="\033[3m"
#bold_under="\033[1;4m"
underline="\033[4m"
reset="\033[0m"
#export PATH="/usr/local/bin:$PATH"
# run by cron $PATH=/usr/bin:/bin
#command -v showcert >/dev/null 2>&1 || { echo -e "${bold}showcert${reset} is not installed ${italic}(pip install showcert)${reset}. Aborting..." >&2; exit 1; }
curl -Is https://www.apple.com | head -1 | grep 200 1>/dev/null
if [ $? -eq 1 ]; then
echo -e "\n${red}No Internet connection !${reset}"
echo -e "Exit !"
exit 1
fi
dotenv () {
set -a
# shellcheck disable=SC1091
[ -f "$HOME/.env" ] && . "$HOME/.env" || echo -e "${red}\nNo .env file found ! No token for gotify.${reset}"
set +a
#
# Gotify: $GOTIFY_SERVER (server url), $GOTIFY_BASH (token)
# Pushover: $USER_KEY$ (user) $BASH_APP (token)
}
dotenv
### Variables for self updating
ScriptArgs=( "$@" )
ScriptPath="$(readlink -f "$0")" # /Users/bruno/Documents/Scripts/bashbirds/bashbirds.sh
ScriptWorkDir="$(dirname "$ScriptPath")" # /Users/bruno/Documents/Scripts/bashbirds
### Domains to check ###
#hosts=("domain.com")
hosts=()
#if [ ${#hosts[@]} -eq 0 ]; then
if [ -f "$ScriptWorkDir/validity_domains.txt" ]; then
readarray -t hosts < "$ScriptWorkDir/validity_domains.txt"
else echo -e "${red}No domain to check !${reset}"
fi
#fi
port=443
# Days left before notification
nday=15
# Choose the notification (pushover or gotify)
notif="pushover"
send_gotify_notification() {
# Enabled HSTS & created default WebSocket records in the DSM 7.2 reverse proxy window and it solved itself.
now=$(date +"%d-%m-%Y %T")
gotify_server="$GOTIFY_SERVER"
gotify_token="$GOTIFY_BASH"
TITLE="$1"
MESSAGE="$2"
PRIORITY=8
URL="$gotify_server/message?token=$gotify_token&?format=markdown"
echo -e "Sending notification to $gotify_server ..."
# -S, --show-error Show error even when -s is used
# -s, --silent Silent mode
# -v Verbose
curl -s -S --output /dev/null --data '{"message": "'"${MESSAGE}"'", "title": "'"${TITLE}"'", "priority":'"${PRIORITY}"', "extras": {"client::display": {"contentType": "text/markdown"}}}' -H 'Content-Type: application/json' "$URL"
[ $? -eq 0 ] && echo -e "${greenbold}Gotify notification sent successfully !${reset}" || echo -e "${redbold}error sending Gotify notification !${reset}"
}
send_pushover_notification() {
echo -e "Sending Pushover notification ..."
curl -S -s -o /dev/null -F "token=$BASH_APP" \
-F "user=$USER_KEY" \
-F "title=$1" \
-F priority=2 \
-F html=1 \
-F retry=60 \
-F expire=86400 \
-F "message=$2" https://api.pushover.net/1/messages.json
[ $? -eq 0 ] && echo -e "${greenbold}Pushover notification sent successfully !${reset}" || echo -e "${redbold}error sending Pushover notification !${reset}"
}
for host in "${hosts[@]}"; do
url="https://$host"
response=$(curl --connect-timeout 10 --max-time 10 --retry 3 --retry-delay 0 --retry-max-time 30 --write-out '%{http_code}' --silent --output /dev/null "$url")
if [ $(grep -w "200\|301\|302\|303\|307" <<< "$response") ];then
if command -v showcert >/dev/null 2>&1; then
cert=$(showcert $host)
: << 'COMMENTS2'
error=$(echo "$cert" | grep "Verification error (use -i)")
if [ -n "$error" ]; then
echo -e "${redbold}$error${reset}\n${italic}Trying showcert -i $host${reset}"
cert=$(showcert -i $host)
fi
COMMENTS2
ip=$(echo "$cert" | grep IP | awk -F": " '{print $2}')
names=$(echo "$cert" | grep Names | awk -F": " '{print $2}')
issuer=$(echo "$cert" | grep Issuer | awk -F": " '{print $2}')
start=$(echo "$cert" | grep Before | awk -F": " '{print $2}')
end=$(echo "$cert" | grep notAfter | awk -F": " '{print $2}')
left=$(echo "$end" | awk -F" " '{split($3, arr, "[()]"); print arr[2]}')
h="$host ($ip)"
n="Names: $names"
i="Issuer: $issuer"
s="Date début: $start"
e="Date fin: $end"
else
echo "$host"
cert=`echo |
openssl s_client -connect $host:$port 2>/dev/null |
openssl x509 -issuer -subject -dates -noout`
issuer=$(echo "$cert" | grep issuer | awk -F"issuer=" '{print $2}')
subject=$(echo "$cert" | grep subject | awk -F"subject=" '{print $2}')
start=$(echo "$cert" | grep Before | awk -F"=" '{print $2}')
end=$(echo "$cert" | grep notAfter | awk -F"=" '{print $2}')
timestamp_current=$(date +"%s")
timestamp_end=$(date --date="$end" +"%s")
left=$(($((timestamp_end - timestamp_current))/(60*60*24)))
end="$end ($left days left)"
ip=$(dig +short $host)
h="$host ($ip)"
n="Subject: $subject"
i="Issuer: $issuer"
s="Date début: $start"
e="Date fin: $end"
fi
echo -e "${bold}$h${reset}"
echo -e "$n"
echo -e "$i"
echo -e "$s"
if [ $left -lt $nday ]; then
echo -e "${red}$e${reset}"
# Run by cron
if [ "$notif" == "gotify" ];then
msg_md="**$h**\n\n $n\n\n $i\n\n $s\n\n $e"
send_gotify_notification "$host certificat will expire in $left day !" "$msg_md"
elif [ "$notif" == "pushover" ];then
msg_html="$h<br />$n<br />$i<br />$s<br />$e"
send_pushover_notification "$host certificat will expire in $left day !" "$msg_html"
#pushover -a "bash" -m "A new version of Pi-hole is available: <br /> $msg_html <br /> $infos_html <br /> Please run <b>pihole -up</b> on $host to update" -p 2 -f 1
fi
else
echo -e "${green}$e${reset}"
fi
echo -e "\n"
sleep 1
else
echo -e "${red}$host is offline !${reset}"
fi
done
Reference in New Issue View Git Blame Copy Permalink