RuhNetConsulting
/
checkssl
mirror of https://github.com/srvrco/checkssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 4 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13 Commits
1 Branch
207 KiB
 
Tree: 8c9d9d7a96
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8c9d9d7a96'
${ noResults }
checkssl/README

2.2 KiB
Raw Blame History 

With the good work by "Let’s Encrypt" in providing free SSL certs for users, I wanted a quick way to check all the domains I look after to determine which ones have correct SSL certs, and which ones are in need of updating etc. 

This bash file is the first draft a a program to do that.  It can either be run against a list of file names, from the directories in your Lets Encrypt live directory or on a single server with  the aim of getting all the domain names from the server.   

The output looks like:

Domain       cert issued for  valid until               cert issued by                possible issues?
domain1.com  domain1.com      Dec 22 09:19:00 2016 GMT  Let's Encrypt Authority X1  - certificate near renewal date
domain2.com  domain2.com      Dec 22 11:42:00 2016 GMT  Let's Encrypt Authority X1  - certificate near renewal date
domain3.net  domain3.net      Mar  4 10:10:00 2016 GMT  Let's Encrypt Authority X1

You can also get a list of domains that need to be renewed, to list the domains requiring renewal in the nest 20 days;

checkssl -l /etc/letsencrypt/live/ -e 20 -r 
domain7.com
domain 12.com

running checkssl with no arguments gives help;

checkssl
   checkssl ver. 0.4
   checks ssl certs for a set of domains

   Usage: checkssl [-h|--help] [-d|--debug] [-f|--file filename] [-s|--server stype] [-l|--location directory] [-e|--expires days] [-r:--renew]

   Options:
  -h, --help  Display this help message and exit.
  -d, --debug  outputs debug information
  -f, --file  filename
    Where 'filename' is a file containing a list of domain names
  -s, --server server_type
    Where 'server_type' is the server type (cpanel, ISPconfig, apache2 ...)
  -l, --location directory
    Where 'directory' is where your lets encrypt live directory is
       (typically /etc/letsencrypt/live/)
  -e, --expires days
    Where 'days' is the number of days to alert if cert expires in that time period
  -r, --renew  this just lists domain names that need to be renewed.   This list could be used by an auto renew script, or to email you.


V0.1 initial commit by SRVRCO
v0.2 modification by MrSleeps
v0.3 Corrected issue in grep affecting performance on some servers
v0.4 correct typo and added -e and -r arguments