a nagios check to remind me the SSL certificate expiration

I wrote a quite unuseful check for nagios to remind me to renew my SSL certificate. This is the definition in commands.cfg file

define command{
        command_name check_ssl_expiration
        command_line /usr/lib/nagios/plugins/check_ssl_expiration.sh $ARG1$ $ARG2$ $ARG3$ $ARG4$
}

and this the check_ssl_expiration.sh script

#!/bin/bash
# input parameters
MYSRV=$1
MYPORT=$2
DAYWARN=$3
DAYCRIT=$4
# return values
RET_OK=”0″
RET_WARN=”1″
RET_CRIT=”2″
RET_UNKN=”3″
TEMPFILE=/tmp/.$$certtest.pem

# check data input
checkdata () {
        VAL=`echo $2 | wc | awk ‘{print $2}’`
        if [ $VAL -eq 0 ]; then
                echo $1 is not set
                exit $RET_UNKN
        fi
}

checkdata “HTTPS server name” $MYSRV
checkdata “HTTPS PORT” $MYPORT
checkdata “warning threshold” $DAYWARN
checkdata “critical error threshold” $DAYCRIT

echo | openssl s_client -connect $MYSRV:$MYPORT  2> /dev/null | sed -ne ‘/-BEGIN CERT/,/-END CERT/p’ > $TEMPFILE 2>/dev/null
EXPDATE=`openssl x509 -noout -in $TEMPFILE -dates|grep notAfter|sed -e “s/.*notAfter=//”`
rm $TEMPFILE

EXPSEC=`date “+%s” –date=”$EXPDATE”`
NOWSEC=`date “+%s”`
DAYLEFT=`expr \( $EXPSEC – $NOWSEC \) / 86400`

# $DAYLEFT days left to SSL certificate expiration

if [ $DAYLEFT -le $DAYCRIT ]; then
        echo “ERROR – $DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT”
        exit $RET_CRIT
fi

if [ $DAYLEFT -le $DAYWARN ]; then
        echo “WARNING – $DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT”
        exit $RET_WARN
fi

echo “$DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT”
exit $RET_OK

Off course I scheduled this check once a day.

Tags: ,

Leave a Reply