Some days ago one of my sites certificate expired. I didn’t pay attention to the Let’s Encrypt periodic warning emails – I’m using the DNS-01 challenge.
I must create a simple script to check how many days are left and install it as a cron job.
After some search I found that curl and date could do it.
$ curl https://thejoyofstick.com -vI --stderr - | grep "expire date:" | cut -d: -f 2-
Jun 25 17:26:52 2022 GMT
$ date --date='Jun 25 17:26:52 2022 GMT' '+%s'
1656178012
$ date '+%s'
1649805603
$ echo '(1656178012-1649805603)/86400' | bc
73
We now have a way to calculate how many days are left.
You can build a bash script with these and, after checking for a countdown days threshold, send yourself a proper alert email.
For myself I’m using a perl script based on this one
#!/usr/bin/env perl
use strictures 2;
use IO::Socket::SSL;
use Net::SSLeay;
use Date::Simple ( 'date', 'today' );
my $site = shift || 'example.com';
my $client = IO::Socket::SSL->new("$site:443")
or die "error=$!, ssl_error=$SSL_ERROR";
my $cert = $client->peer_certificate();
my $time = Net::SSLeay::X509_get_notAfter($cert);
my $asn_t = Net::SSLeay::P_ASN1_TIME_get_isotime($time);
my ($date) = split /T/, $asn_t;
my $diff = date($date) - today;
my $warning_time = 15;
print "Expire date: $date\n";
print "How many days left: $diff\n";
print "Warning before $warning_time days\n";
Added a personal email module to send a message if $diff is less than $warning_time and then cron with it.
Enjoy!
