#!/bin/bash #set -e PUB_CERTS_DIR="/srv/CA/pki/issued" # 1 day in seconds 86400 # 7 days in seconds: 604800 # 30 days in seconds: 2592000 DAYS="{{ easy_rsa_alert_on_cert_seconds_before_expire }}" RETVAL= # Email settings _sub=" will expire within $DAYS seconds (30 days):" _from="{{ easy_rsa_alert_on_cert_from }}" _to="{{ easy_rsa_alert_on_cert_to }}" _openssl="/usr/bin/openssl" for cert in "$PUB_CERTS_DIR/"*.crt ; do #echo -n "$cert: " #$_openssl x509 -enddate -noout -in "$cert" -checkend "$DAYS" | grep -q 'notAfter' expiry_date=$( $_openssl x509 -enddate -noout -in "$cert" -checkend "$DAYS" ) RETVAL=$? #echo "RETVAL: $RETVAL" # Send email if [ $RETVAL -ne 0 ] ; then echo "$cert ${_sub} $expiry_date" {% if easy_rsa_alert_on_cert_expiration %} mail -s "$cert $_sub" -r "$_from" "$_to" <<< "Warning: The TLS/SSL certificate ($cert) will expire soon on $HOSTNAME [$(date)]: $expiry_date" # # See https://www.cyberciti.biz/mobile-devices/android/how-to-push-send-message-to-ios-and-android-from-linux-cli/ # # source ~/bin/cli_app.sh # push_to_mobile "$0" "$_sub. See $_to email for detailed log. -- $HOSTNAME " >/dev/null {% endif %} fi done exit 0