Become an AceSign inSign up
selivan/ https-ssl-cert-check-zabbix
Shell tls-certificate ssl-certificate ssl tls standalone
View on GitHub
Need help with https-ssl-cert-check-zabbix?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

selivan
154 Stars 24 Forks Other 76 Commits 0 Opened issues

Description

Script to check validity and expiration of TLS/SSL certificate on site. May be used with Zabbix or standalone.

Services available

!
?

Need anything else?

Contributors list

Pavel Selivanov selivan
# 193,973
C
TeX
nginx
tls-cer...
 69 commits
Dmitry Verkhoturov paskal
# 74,776
Go
bootstr...
hugo
openvpn
 1 commit

Script to check validity and expiration of TLS/SSL certificate for given host, port and (optional) servername for TLS SNI.

May be used standalone or with Zabbix. See example of integration in 

userparameters_ssl_cert_check.conf
and zabbix manual about user parameters.

Usage

ssl_cert_check.sh valid|expire  [port] [domain for TLS SNI] [check timeout (seconds)]
  • [port]
    optional, default is 443
  • [domain for TLS SNI]
    optional, default is 
    .
    
SNI(Server Name Indication) is used to specify certificate domain name if it differs from the hostname.

    • 

  • 

    [check timeout (seconds)]
     optional, default is 5 seconds
    • 




Return values



    

  • 

    1|0
      for validity check: 1 - valid, 0 - invalid, expired or unavailable
    • 

  • 

    N
      number of days left for expiration check. Zero or negative value means certificate is expired
    • 

  • 

    -65535
      site was unavailable for expiration check or incorrect script parameters
    • 




Examples


[email protected]:~$ ./ssl_cert_check.sh valid valid.example.com
1


[email protected]:~$ ./ssl_cert_check.sh valid imap.valid.example.com 993
1


[email protected]:~$ ./ssl_cert_check.sh valid invalid.example.com
0


Expired certificate is not valid


[email protected]:~$ ./ssl_cert_check.sh valid expired.example.com
0


[email protected]:~$ ./ssl_cert_check.sh expire effective-next-90-days.example.com
90


[email protected]:~$ ./ssl_cert_check.sh expire expired-37-days-ago.example.com
-37


NOTE: an error message is shown to stderr only when running on a terminal


Without terminal(from zabbix), only the result is printed to stdout


[email protected]:~$ ./ssl_cert_check.sh expire unavailable.example.com
-65535
ERROR: Failed to get certificate


Check 127.0.0.1:443 for a valid certificate for example.com


TLS SNI(Server Name Indication) is set to example.com


[email protected]:~$ ./ssl_cert_check.sh valid 127.0.0.1 443 example.com
1


Check 127.0.0.1:443 for a valid certificate for example.com


TLS SNI(Server Name Indication) is set to example.com


Check timeout is 10 seconds(default is 5)


[email protected]:~$ ./ssl_cert_check.sh valid 127.0.0.1 443 example.com 10
1



Using with busybox, like Alpine-based Docker images



Busybox 
date
 can not parse date format from 
openssl
. If you are using busybox, for example for Alpine-based Docker images, install 
coreutils
 package.


P.S. If this code is useful for you - don't forget to put a star on it's github repo.

    
    
    
    
    
    
    
    



 We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.