-
Notifications
You must be signed in to change notification settings - Fork 40
checks ssl certs for a set of domains
License
srvrco/checkssl
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
With the good work by "Let’s Encrypt" in providing free SSL certs for users, I wanted a quick way to check all the domains I look after to determine which ones have correct SSL certs, and which ones are in need of updating etc. This bash file is the first draft of a program to do that. It can either be run against a list of file names, from the directories in your Lets Encrypt live directory or on a single server with the aim of getting all the domain names from the server. The output looks like: Domain cert for valid until cert issued by possible issues? domain1.com domain1.com Dec 22 09:19:00 2016 Let's Encrypt - certificate near renewal date domain2.com domain2.com Dec 22 11:42:00 2016 Let's Encrypt - certificate near renewal date domain3.net domain3.net Mar 4 10:10:00 2016 Let's Encrypt domain4.net domain1.net Mar 2 12:23:00 2016 Let's Encrypt - possible name mismatch You can also get a list of domains that need to be renewed, to list the domains requiring renewal in the nest 20 days; checkssl -l /etc/letsencrypt/live/ -e 20 -r domain7.com domain12.com You can also get it to run a specific command if domains need renewal, for example check -i ISPconfig -e 20 -c ~/scripts/renewssl will run the renewssl command with the domain name passed as an argument. If there are more than one domain that needs renewal it will call the command multiple times. This can then easily be run as a cron to regularly check and update SSL certs. running checkssl with no arguments gives help; checkssl ver. 1.15 Checks ssl certs for a set of domains Usage: checkssl [-h|--help] [-d|--debug] [-f|--file filename] [-s|--server stype] [-l|--location directory] [-e|--expires days] [-r|--renew] [-u|--update] [-U|--nocheck] [-c|--command command] [domain] Options: -h, --help Display this help message and exit. -d, --debug Outputs debug information -f, --file filename Where 'filename' is a file containing a list of domain names -s, --server server_type Where 'server_type' is the server type (cpanel, ISPconfig, apache2 ...) -l, --location directory Where 'directory' is where your lets encrypt live directory is (typically /etc/letsencrypt/live/) -e, --expires days Where 'days' is the number of days to alert if cert expires in that time period -r, --renew This just lists domain names that need to be renewed. This list could be used by an auto renew script, or to email you. -p, --problems This just lists the domains that have possible issues. This list could be used to email you only if there is something to take care of. -u, --upgrade Upgrade checkssl if a more recent version is available -U, --nocheck Do not check if a more recent version is available -c, --command run_command Where 'run_command' is a command which will be run (with domain name passed) for any certs due for renewal A domain name can also be specified on the command line If a file is provided, with a list of domains then each domain can include a port / service for testing i.e. example.com example.com:pop3s example.com:587
About
checks ssl certs for a set of domains
Topics
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published