Giles, I also wanted to thank you for posting this. I am probably not going to use it, because I use certbot, but the layout and approach shown in your bash script is really interesting. There is a lot to learn, even though I do all of this kind of work with Python.

Thanks again!


On Wed, 26 Apr 2023 at 08:57, Giles Orr via talk <talk@gtalug.org> wrote:
Three weeks ago I mentioned to a couple people on this mailing list
that I'd written a script at work that live-checks TLS certificates
across multiple machines.  This is a very useful thing to have when
one of my jobs is maintaining multiple small websites.  One of these
people responded that I should give a short talk about this project,
and added "Most of us do a little sys-admining and can learn from the
pros."  At which point I burst out laughing ... and realized Imposter
Syndrome had reared its ugly head once again.  A "professional" is
someone who gets paid to do a job, and I am that.  Doesn't mean I feel
like a "professional sys-admin," even though I am - more of a
professional jack-of-all-trades ...  But "Imposter Syndrome" is
another huge discussion ... we now return you to our irregularly
scheduled programming.

That message prompted me to talk to my bosses, one of whom not only
endorsed my idea of publicly releasing this code, but did so
enthusiastically.  My thanks to Toronto Public Library for that.  And
so I give you:

https://github.com/gilesorr/robotface-utils

(The naming is a weird story - explanation in the README if you're curious.)

Given a list of fully qualified domain names, the 'chkcertexpiry'
script goes to each one, retrieves the TLS certificate, and lists the
expiry date and issuer.  If the expiry date is soon (number of days
settable by a command line switch) the date is colour-highlighted.  If
there are connection problems, those are noted.

At work, I run this once a week against all the sites I'm responsible
for.  I don't think we've had an expired cert on any of those domains
in the 5-7 years I've been using this script.

I hope people will use this.  I welcome comments and suggestions.  I'm
a little scared of PRs because I've never had to deal with them before
...

Please feel free to share as you think appropriate.

--
Giles
https://www.gilesorr.com/
gilesorr@gmail.com
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk