provisioning tool for building opinionated architecture
 
 


#!/bin/bash
# Host whose TLS certificates are inspected (first positional argument).
DOMAIN="${1}"
# Service selector, given as a name or a port; https is used when omitted.
PROTOCOL="${2:-https}"
# Maximum number of seconds to wait for each openssl connection attempt.
TIMEOUT=10
readonly DOMAIN PROTOCOL TIMEOUT

# Number of checks that ended in WARNING or FAILURE; becomes the exit status.
result=0
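#######################################
# Print the accepted command-line forms and abort the script.
# Arguments: none
# Outputs:   the usage line, written to stderr so it never mixes with
#            check results on stdout
# Returns:   does not return; exits with status 1
#######################################
function usage {
  # Each service name sits next to the port alias the dispatcher accepts for
  # it: pop3 pairs with 995 and imap with 993.
  echo 'usage: <DOMAIN> [ https | 443 | smtps | 587 | pop3 | 995 | imap | 993 | ALL ]' >&2
  exit 1
}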
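#######################################
# Connect to one TLS service on DOMAIN and report when its certificate expires.
#
# Scope of the check: only the notAfter date of the first certificate the
# server returns is evaluated. s_client does not abort on chain or hostname
# verification errors by default, so "ok" means "not close to expiry"; it is
# not evidence that the certificate is trusted or issued for DOMAIN.
#
# Globals:   DOMAIN  (read)  host to connect to
#            TIMEOUT (read)  seconds before the connection attempt is killed
#            result  (written) incremented once for every WARNING or FAILURE
# Arguments: $1 - label printed for the service; SMTPS selects STARTTLS
#            $2 - TCP port to connect to
# Outputs:   one coloured status line on stdout
#######################################
function check_ssl {
  local protocol=$1
  local port=$2
  local -r warn_days=20 # more than this many days left counts as ok
  local -a extra_args=()
  local certificate_info issuer not_after
  local expiry_s now_s seconds_left=0 days_left=0

  case $protocol in
    SMTPS)
      # SMTP needs a STARTTLS upgrade before the server presents a certificate.
      extra_args=(-starttls smtp -showcerts)
      ;;
  esac

  printf '%s ' "$protocol"

  # DOMAIN comes straight from the command line: keep host:port a single
  # quoted word so embedded whitespace cannot turn into extra s_client options.
  # stderr is discarded on purpose; an unreachable service is detected below
  # through the empty notAfter value.
  certificate_info=$(printf '\n' \
    | timeout "$TIMEOUT" openssl s_client "${extra_args[@]}" \
      -connect "${DOMAIN}:${port}" 2>/dev/null)
  issuer=$(printf '%s\n' "$certificate_info" \
    | openssl x509 -noout -text 2>/dev/null | grep Issuer: | cut -d: -f2)
  not_after=$(printf '%s\n' "$certificate_info" \
    | openssl x509 -noout -enddate 2>/dev/null | cut -d'=' -f2)

  if [[ -n $not_after ]]; then
    expiry_s=$(date -d "$not_after" +%s)
    now_s=$(date +%s)
    # Keep the remaining seconds as well as whole days: integer division
    # rounds a certificate with under 24 hours left down to 0 days, and that
    # must not be reported as already expired.
    seconds_left=$((expiry_s - now_s))
    days_left=$((seconds_left / 86400))
  fi

  if [[ -z $not_after ]]; then
    printf 'does not respond '
    printf '\033[31;1m'
    echo FAILURE
    ((result += 1))
  elif ((days_left > warn_days)); then
    printf 'issuer:%s ' "$issuer"
    printf 'will expire in %s days ' "$days_left"
    printf '\033[32;1m'
    echo ok
  elif ((seconds_left > 0)); then
    printf 'issuer:%s ' "$issuer"
    printf 'will expire in %s days ' "$days_left"
    printf '\033[31;1m'
    echo WARNING
    ((result += 1))
  else
    printf 'issuer:%s ' "$issuer"
    # days_left is zero or negative here; print it as a positive age.
    printf 'has already expired %s days ago ' "$((-days_left))"
    printf '\033[31;1m'
    echo FAILURE
    ((result += 1))
  fi
  # Reset terminal colours.
  printf '\033[0m'
}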
# MAIN
# A target host is mandatory; without one, print the usage line and stop.
if [[ -z "$DOMAIN" ]]; then
  usage
fi

# Map the selector (service name or port number) to the checks to run.
case "$PROTOCOL" in
  https | 443) check_ssl HTTPS 443 ;;
  smtps | 587) check_ssl SMTPS 587 ;;
  pop3 | 995) check_ssl POP3 995 ;;
  imap | 993) check_ssl IMAP 993 ;;
  all | ALL)
    check_ssl HTTPS 443
    check_ssl SMTPS 587
    check_ssl POP3 995
    check_ssl IMAP 993
    ;;
  *) usage ;;
esac

# Exit status is the number of checks that reported WARNING or FAILURE,
# so 0 means every requested service passed.
exit "$result"