0

How to check an SSL certificate expiration date from the command line

Some days ago one of my sites certificate expired. I didn’t pay attention to the Let’s Encrypt periodic warning emails – I’m using the DNS-01 challenge.

I must create a simple script to check how many days are left and install it as a cron job.

After some search I found that curl and date could do it.

$ curl https://thejoyofstick.com -vI --stderr - | grep "expire date:" | cut -d: -f 2-
Jun 25 17:26:52 2022 GMT

$ date --date='Jun 25 17:26:52 2022 GMT' '+%s'
1656178012

$ date '+%s'
1649805603

$ echo '(1656178012-1649805603)/86400' | bc
73

We now have a way to calculate how many days are left.
You can build a bash script with these and, after checking for a countdown days threshold, send yourself a proper alert email.

For myself I’m using a perl script based on this one

#!/usr/bin/env perl

use strictures 2;
use IO::Socket::SSL;
use Net::SSLeay;
use Date::Simple ( 'date', 'today' );

my $site = shift || 'example.com';

my $client = IO::Socket::SSL->new("$site:443")
  or die "error=$!, ssl_error=$SSL_ERROR";
my $cert = $client->peer_certificate();
my $time = Net::SSLeay::X509_get_notAfter($cert);
my $asn_t = Net::SSLeay::P_ASN1_TIME_get_isotime($time);
my ($date) = split /T/, $asn_t;
my $diff = date($date) - today;
my $warning_time = 15;

print "Expire date: $date\n";
print "How many days left: $diff\n";
print "Warning before $warning_time days\n";

Added a personal email module to send a message if $diff is less than $warning_time and then cron with it.

Enjoy!

18

Installing SNMP MIB files in Linux Ubuntu 18.04 LTS, 16.04 LTS, 14.04 TLS and 12.04 LTS

Update: still valid for Ubuntu 20.04 LTS !!!

Where are the MIB files ?

I’m in the middle of upgrading old servers and I found Ubuntu starting on 12.04 didn’t install the MIB files. Even if you install the SNMP applications. It was really strange to launch tkmib and just see a couple of nodes.

The explanation is simple. Just check the preamble of /etc/snmp/snmp.conf

#
# As the snmp packages come without MIB files due to license reasons, loading
# of MIBs is disabled by default. If you added the MIBs you can reenable
# loaging them by commenting out the following line.
mibs :

Sure, but how can I install them ?

Fortunately there is a package to deal with that.

$ sudo apt-get install snmp-mibs-downloader

It will download the IETF MIB files and install them under the usual /usr/share/mibs/

If for any reason you don’t see it happen force it with

 $ sudo download-mibs

You can repeat this command later to update any new MIB file.

Let’s rock’n’roll

Well, almost. At this time your tools still won’t work correctly. Just remember the text on /etc/snmp/snmp.conf. You have to comment out the mibs : line! Now everything is by the book. Enjoy!

Install HP Support Software in your Ubuntu server

2

Problem updating Chrome: Repository changed its ‘Origin’ value from ‘Google, Inc.’ to ‘Google LLC’

If you are using the Google repository to update your Chrome it doesn’t update anymore with apt-get due to security reasons.

Reading package lists... Done                      
E: Repository 'http://dl.google.com/linux/chrome/deb stable Release' changed its 'Origin' value from 'Google, Inc.' to 'Google LLC'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

The solution is fast. Just run

sudo apt update

Note that’s apt and not apt-get. And just accept the change.

Do you want to accept these changes and continue updating from this repository? [y/N]

Done!

Then just use again sudo apt-get update and sudo apt-get upgrade