[SSL] SSL 만료일 체커 (feat. Github)

* 개요

- 서비스를 운영하다보면 나도 모르는 사이 SSL 인증서가 만료되어 낭패를 겪은 적 있을것이다. 간단하게 SHELL 스크립트를 통해서 스마트하게 SSL 만료 알람을 사전에 받아서 대참사를 막아보자

 

* 코드

- 아래 코드를 응용해서 얼마든시 다양한 Notificator를 만들 수 있을것이다.

- 핵심 커맨드

curl --insecure -v $URL 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }' | awk '/^*  expire date: /{print $4,$5,$7}'

#!/bin/bash

################Files to be created before starting exicution####################
# sudo apt-get install alsa alsa-utils						#
# mkdir -p $HOME/scripts							#
# touch $HOME/scripts/ssl_url							#
# Download alert.wav file and copy it into $HOME/scripts directory		#
#################################################################################
while true
do
year=$(date | awk '{print $6}')
month=$(date | awk '{print $2}')
day=$(date | awk '{print $3}')
touch /tmp/ssl_expire
FILE="$HOME/scripts/ssl_url"
while read -r URL; do
expire_date=$(curl --insecure -v $URL 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }' | awk '/^*  expire date: /{print $4,$5,$7}')
echo $expire_date > /tmp/ssl_expire
ssl_year=$(cat /tmp/ssl_expire | awk '{print $3}')
ssl_month=$(cat /tmp/ssl_expire | awk '{print $1}')
ssl_day=$(cat /tmp/ssl_expire | awk '{print $2}')
echo "-------------------------------------------------------------------------------------------------------------------------------------"
echo "| Today's Date: $day-$month-$year |Certificate Expire Date:  $ssl_day-$ssl_month-$ssl_year | Web Site URL: $URL"
if [ $ssl_year -eq $year ]
then 
	if [ "$ssl_month" == "$month" ] 
	then
		remind_days=3
		ex_days=1
		before_expire=$(($day - $remind_days))
		before_one=$(($day + $ex_days))
		if [ $ssl_day -gt $before_expire -o $ssl_day -lt $before_one ]
		then
			echo "Dear Admin Team \n The $URL's SSL(HTTPS) certificate will expire on $ssl_day-$ssl_month-$ssl_year " | mail -s "SLL cerficate expired for $URL" -a "From: from_mail_id@gmail.com" your_admin_1@gmail.com,your_admin_2@gmail.com >> /dev/null
		fi	
	fi
fi
done < "$FILE"
sleep 10800
done
#######################################################################################################################################################
#The content of $HOME/scripts/URL_File is as below
#Please remove "#" and Headline titles. Each parameter will be read by the difrence of spaces.
#URL_of_the_web_site_with_https_protocol
#https://google.com

 

* 참고자료

- 출저 : https://github.com/shahidshaik786/SSL_expire_date_check_and_alert/blob/master/SSL_expire_date_check_and_alert