Checking validity of Let's Encrypt certificates in ISPConfig

Discussion in 'Tips/Tricks/Mods' started by Bocki, Jan 7, 2018.

  1. Bocki

    Bocki New Member HowtoForge Supporter

    Hi everybody,
    because I currently have some problems with the automatic renewal of Let's Encrypt certificates I've built this script to check the used certificates for validity. I hope it helps somebody else, too!
    Regards!

    Code:
    #!/bin/bash
    
    # chechsslcerts.sh
    #
    # check wether Let's Encrypt certificates in ISPConfig will expire soon
    
    # v1.0/2018-01-06
    
    DAYS=30 # warning expiration time
    SECONDS=$(("${DAYS}"*86400))
    
    cd /var/www
    for file in *; do
        if [[ -L "${file}" && "${file}" != "ispconfig" && -d "${file}"/ssl ]]; then
            cd "${file}"/ssl
            if [[ -e "${file}"-le.crt ]]; then
                if ! openssl x509 -checkend 0 -noout -in "${file}"-le.crt >/dev/null; then
                    echo ""${file}" - ERROR: certificate has already expired on $(openssl x509 -enddate -noout -in "${file}"-le.crt | cut -d = -f 2)."
                elif openssl x509 -checkend "${SECONDS}" -noout -in "${file}"-le.crt >/dev/null; then
                    echo ""${file}" - Certificate is valid until $(openssl x509 -enddate -noout -in "${file}"-le.crt | cut -d = -f 2)."
                else
                    echo ""${file}" - WARNING: certificate will expire on $(openssl x509 -enddate -noout -in "${file}"-le.crt | cut -d = -f 2) (under "${DAYS}" days)."
                fi
            else
                echo ""${file}" - WARNING: certificate does not exist."                                                                                   
            fi                                                                                                                                            
            cd ../..                                                                                                                                      
        fi                                                                                                                                                
    done
     
    till and ahrasis like this.
  2. craigfanman

    craigfanman Member

    hi thanks for this script it is useful! Just fyi it didnt run properly for me, I got:

    sh checksslcerts.sh
    checksslcerts.sh: line 10: "30"*86400: syntax error: operand expected (error token is ""30"*86400")

    fixed this just by doing

    #SECONDS=$(("${DAYS}"*86400))
    SECONDS=2592000


    and it ran fine.
    Thanks!
     
  3. Bocki

    Bocki New Member HowtoForge Supporter

    Thanks for your reply and great that you like it!
    The problem might arise with using a shell different than bash? On my Debian sh links to bash. Just a quick thought.
     

Share This Page