Script to check validity and expiration of TLS/SSL certificate on site. May be used with Zabbix or standalone.
Script to check validity and expiration of TLS/SSL certificate for given host, port and (optional) servername for TLS SNI.
May be used standalone or with Zabbix. See example of integration in
userparameters_ssl_cert_check.confand zabbix manual about user parameters.
ssl_cert_check.sh valid|expire [port] [domain for TLS SNI] [check timeout (seconds)]
[port]optional, default is 443
[domain for TLS SNI]optional, default is .
[check timeout (seconds)]optional, default is 5 seconds
1|0for validity check: 1 - valid, 0 - invalid, expired or unavailable
Nnumber of days left for expiration check. Zero or negative value means certificate is expired
-65535site was unavailable for expiration check or incorrect script parameters
[email protected]:~$ ./ssl_cert_check.sh valid valid.example.com 1[email protected]:~$ ./ssl_cert_check.sh valid imap.valid.example.com 993 1
[email protected]:~$ ./ssl_cert_check.sh valid invalid.example.com 0
Expired certificate is not valid
[email protected]:~$ ./ssl_cert_check.sh valid expired.example.com 0
[email protected]:~$ ./ssl_cert_check.sh expire effective-next-90-days.example.com 90
[email protected]:~$ ./ssl_cert_check.sh expire expired-37-days-ago.example.com -37
NOTE: an error message is shown to stderr only when running on a terminal
Without terminal(from zabbix), only the result is printed to stdout
[email protected]:~$ ./ssl_cert_check.sh expire unavailable.example.com -65535 ERROR: Failed to get certificate
Check 127.0.0.1:443 for a valid certificate for example.com
TLS SNI(Server Name Indication) is set to example.com
[email protected]:~$ ./ssl_cert_check.sh valid 127.0.0.1 443 example.com 1
Check 127.0.0.1:443 for a valid certificate for example.com
TLS SNI(Server Name Indication) is set to example.com
Check timeout is 10 seconds(default is 5)
[email protected]:~$ ./ssl_cert_check.sh valid 127.0.0.1 443 example.com 10 1
Busybox
datecan not parse date format from
openssl. If you are using busybox, for example for Alpine-based Docker images, install
coreutilspackage.
P.S. If this code is useful for you - don't forget to put a star on it's github repo.