ansible-role-easy-rsa/templates/check-x509-certs-expiration...


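#!/bin/bash
# Report (and optionally e-mail) every issued certificate that openssl says
# will expire within the configured look-ahead window.
#
# errexit stays off on purpose: a non-zero exit from "openssl x509 -checkend"
# is the signal this script acts on, not a fatal error.
#set -e
#
# NOTE(review): the templated values below are substituted into double-quoted
# shell strings when the template is rendered, so a value containing a double
# quote, a backtick or a dollar sign would alter the generated script. They
# are assumed to come from trusted role variables; passing them through
# Ansible's "quote" filter (and dropping the surrounding quotes) would remove
# that assumption.
PUB_CERTS_DIR="/srv/CA/pki/issued"
# Despite its name, DAYS holds the look-ahead window in SECONDS.
# 1 day in seconds 86400
# 7 days in seconds: 604800
# 30 days in seconds: 2592000
DAYS="{{ easy_rsa_alert_on_cert_seconds_before_expire }}"
RETVAL=

# -checkend needs a plain non-negative integer. Anything else would make
# openssl fail for every certificate (one false alert per file), and the value
# is also used in shell arithmetic below, so reject it up front.
case "$DAYS" in
  '' | *[!0-9]*)
    echo "$0: alert window must be a whole number of seconds, got '$DAYS'" >&2
    exit 1
    ;;
esac

# Email settings
# The day count is derived from the configured window (integer division)
# instead of always claiming 30 days; 10# keeps a leading zero from being
# read as octal.
_sub=" will expire within $DAYS seconds ($(( 10#$DAYS / 86400 )) days):"
_from="{{ easy_rsa_alert_on_cert_from }}"
_to="{{ easy_rsa_alert_on_cert_to }}"
_openssl="/usr/bin/openssl"

for cert in "$PUB_CERTS_DIR/"*.crt ; do
  # An unmatched glob is left as the literal pattern; without this guard
  # openssl fails on it and a bogus expiry alert is raised for a file that
  # does not exist.
  [ -e "$cert" ] || continue

  # stdout is captured for the report; the exit status is non-zero when the
  # certificate expires within DAYS seconds.
  expiry_date=$( "$_openssl" x509 -enddate -noout -in "$cert" -checkend "$DAYS" )
  RETVAL=$?

  if [ "$RETVAL" -ne 0 ] ; then
    # openssl also exits non-zero when it cannot load the file; in that case
    # nothing is written to stdout. Keep alerting, but say what happened
    # rather than sending an empty end date.
    if [ -z "$expiry_date" ] ; then
      expiry_date="(openssl could not read an end date from this file)"
    fi
    echo "$cert ${_sub} $expiry_date"
    # Send email
{% if easy_rsa_alert_on_cert_expiration %}
    mail -s "$cert $_sub" -r "$_from" "$_to" <<< "Warning: The TLS/SSL certificate ($cert) will expire soon on $HOSTNAME [$(date)]: $expiry_date"
    # # See https://www.cyberciti.biz/mobile-devices/android/how-to-push-send-message-to-ios-and-android-from-linux-cli/ #
    # source ~/bin/cli_app.sh
    # push_to_mobile "$0" "$_sub. See $_to email for detailed log. -- $HOSTNAME " >/dev/null
{% endif %}
  fi
done
# Always succeeds once the scan has run; findings are reported via stdout
# and mail, not via the exit status.
exit 0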