| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by samlinnfer 360 days ago

I just have a cronjob that does:

    #!/usr/bin/env bash

    cert_check() {
        server=$1
        host=$2
        port=$3

        str=`ssh "$server" "echo | openssl s_client -servername $host -connect localhost:$port | openssl x509 -noout -checkend 604800"` || true
        if ! echo "$str" | grep -q 'Certificate will not expire' ; then
            echo "$str" | ./send-email.py "Certificate \"$host\" on $server will expire in 7 days" \
        fi
    }

    cert_check name myserver.com 443

1 comments

masklinn 360 days ago

If you’re automating the check why not automate the renewal directly?

link

jeroenhd 360 days ago

I've missed expired certificates because of a configuration issue that broke the certbot automation. Granted, I could've read the certbot journalctl output, but 99.9% of the time that's a waste of time. Not like there was anything mission-critical on there.

link

detaro 360 days ago

who says they don't have the renewal automated?

link