Skip to content

srvrco/checkssl

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

72 Commits
 
 
 
 
 
 
 
 

Repository files navigation

With the good work by "Let’s Encrypt" in providing free SSL certs for users, I wanted a quick way to check all the domains I look after to determine which ones have correct SSL certs, and which ones are in need of updating etc. 

This bash file is the first draft of a program to do that.  It can either be run against a list of file names, from the directories in your Lets Encrypt live directory or on a single server with  the aim of getting all the domain names from the server.   

The output looks like:

Domain       cert for     valid until            cert issued by    possible issues?
domain1.com  domain1.com  Dec 22 09:19:00 2016   Let's Encrypt   - certificate near renewal date
domain2.com  domain2.com  Dec 22 11:42:00 2016   Let's Encrypt   - certificate near renewal date
domain3.net  domain3.net  Mar  4 10:10:00 2016   Let's Encrypt 
domain4.net  domain1.net  Mar  2 12:23:00 2016   Let's Encrypt   - possible name mismatch


You can also get a list of domains that need to be renewed, to list the domains requiring renewal in the nest 20 days;

checkssl -l /etc/letsencrypt/live/ -e 20 -r 
domain7.com
domain12.com

You can also get it to run a specific command if domains need renewal, for example 

check -i ISPconfig -e 20 -c ~/scripts/renewssl

will run the renewssl command with the domain name passed as an argument.   If there are more than one domain that needs renewal it will call the command multiple times.   This can then easily be run as a cron to regularly check and update SSL certs.


running checkssl with no arguments gives help;

checkssl ver. 1.15
Checks ssl certs for a set of domains

Usage: checkssl [-h|--help] [-d|--debug] [-f|--file filename] [-s|--server stype] [-l|--location directory] 
                [-e|--expires days] [-r|--renew] [-u|--update] [-U|--nocheck] [-c|--command command] [domain]

Options:
  -h, --help      Display this help message and exit.
  -d, --debug     Outputs debug information
  -f, --file  filename
                  Where 'filename' is a file containing a list of domain names
  -s, --server server_type
                  Where 'server_type' is the server type (cpanel, ISPconfig, apache2 ...)
  -l, --location directory
                  Where 'directory' is where your lets encrypt live directory is
                  (typically /etc/letsencrypt/live/)
  -e, --expires days
                  Where 'days' is the number of days to alert if cert expires in that time period
  -r, --renew     This just lists domain names that need to be renewed.
                  This list could be used by an auto renew script, or to email you.
  -p, --problems  This just lists the domains that have possible issues.
                  This list could be used to email you only if there is something to take care of.
  -u, --upgrade   Upgrade checkssl if a more recent version is available
  -U, --nocheck   Do not check if a more recent version is available
  -c, --command run_command
                  Where 'run_command' is a command which will be run (with domain name passed)
                  for any certs due for renewal

                  A domain name can also be specified on the command line



If a file is provided, with a list of domains then each domain can include a port / service for testing i.e.

example.com
example.com:pop3s
example.com:587