-
Notifications
You must be signed in to change notification settings - Fork 4
/
70-tls
83 lines (68 loc) · 2.35 KB
/
70-tls
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#!/usr/bin/env bash
# This script calculates the remaining time until your ssl certificates expire
# Base version taken from https://gitlab.com/Scrumplex/motd/blob/master/30-tls
# REQUIREMENTS: openssl
## CONFIG
certificate_dirs=(
"/opt/servarr/config/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/"
)
custom_certificates=(
"/path/to/cert"
"/etc/letsencrypt/live/domain/fullchain.pem"
)
red="\e[31m"
orange="\e[95;38;5;214m"
green="\e[1;32m"
undim="\e[0m"
## END CONFIG
# Make sure that the "column" program can display our unicode dots:
export LANG="en_US.UTF-8"
# Calculate the expiry date from a local cert
expiry_date () {
out=$(openssl x509 -enddate -noout -in "$1" | cut -d "=" -f 2)
echo "$out"
}
# Generate a unix timestamp from a given date string
unix_date () {
date -d "$1" +%s
}
# Generate a string based on the expiry date
expires_in () {
diff=$(( $1 - $2 ))
expiresInHours=$(( diff / 3600 ))
if [ $expiresInHours -gt 48 ]; then
echo "$(( expiresInHours / 24 )) days"
else
echo "$expiresInHours hours"
fi
}
# Find all certificates and extend with custom certificates
IFS=$'\n'
certificates=($(find "${certificate_dirs[*]}" -type f -name "*.crt" -o -name "*.cer" 2>/dev/null))
unset IFS
certificates+=("${custom_certificates[@]}")
echo ""
echo "tls certificates:"
output=""
output+=" Domain | Status\n"
for i in "${!certificates[@]}"; do
cert="${certificates[$i]}"
certname=$(openssl x509 -subject -noout -in "$cert" | cut -d " " -f3)
exp_date=$(expiry_date "$cert")
expires=$(unix_date "$exp_date")
now=$(unix_date "now")
inAWeek=$(unix_date "1 week")
expiresIn=$(expires_in "$expires" "$now")
expiryDate=$(date -d "$exp_date" +"%d.%m.%Y")
# We can also get the name of the certificate automatically with:
# openssl x509 -subject -noout -in $cert | cut -d " " -f3
# But that takes a lot of time. We don't want to wait during login
if [ "$expires" -le "$now" ]; then
output+=" $red▲$undim $certname | ${red}expired ($expiryDate)$undim\n"
elif [ "$expires" -le "$inAWeek" ]; then
output+=" $orange●$undim $certname | ${orange}expiring soon ($expiresIn left)$undim\n"
else
output+=" $green●$undim $certname | ${green}expires in $expiresIn ($expiryDate)$undim\n"
fi
done
echo -e "$output" | column -t -s '|'