Three weeks ago I mentioned to a couple people on this mailing list that I'd written a script at work that live-checks TLS certificates across multiple machines. This is a very useful thing to have when one of my jobs is maintaining multiple small websites. One of these people responded that I should give a short talk about this project, and added "Most of us do a little sys-admining and can learn from the pros." At which point I burst out laughing ... and realized Imposter Syndrome had reared its ugly head once again. A "professional" is someone who gets paid to do a job, and I am that. Doesn't mean I feel like a "professional sys-admin," even though I am - more of a professional jack-of-all-trades ... But "Imposter Syndrome" is another huge discussion ... we now return you to our irregularly scheduled programming. That message prompted me to talk to my bosses, one of whom not only endorsed my idea of publicly releasing this code, but did so enthusiastically. My thanks to Toronto Public Library for that. And so I give you: https://github.com/gilesorr/robotface-utils (The naming is a weird story - explanation in the README if you're curious.) Given a list of fully qualified domain names, the 'chkcertexpiry' script goes to each one, retrieves the TLS certificate, and lists the expiry date and issuer. If the expiry date is soon (number of days settable by a command line switch) the date is colour-highlighted. If there are connection problems, those are noted. At work, I run this once a week against all the sites I'm responsible for. I don't think we've had an expired cert on any of those domains in the 5-7 years I've been using this script. I hope people will use this. I welcome comments and suggestions. I'm a little scared of PRs because I've never had to deal with them before ... Please feel free to share as you think appropriate. -- Giles https://www.gilesorr.com/ gilesorr@gmail.com
Hi Giles. I find your script very useful and have added it to my list of tools. Thank you!
On Apr 26, 2023, at 08:57, Giles Orr via talk <talk@gtalug.org> wrote:
Three weeks ago I mentioned to a couple people on this mailing list that I'd written a script at work that live-checks TLS certificates across multiple machines. This is a very useful thing to have when one of my jobs is maintaining multiple small websites. One of these people responded that I should give a short talk about this project, and added "Most of us do a little sys-admining and can learn from the pros." At which point I burst out laughing ... and realized Imposter Syndrome had reared its ugly head once again. A "professional" is someone who gets paid to do a job, and I am that. Doesn't mean I feel like a "professional sys-admin," even though I am - more of a professional jack-of-all-trades ... But "Imposter Syndrome" is another huge discussion ... we now return you to our irregularly scheduled programming.
That message prompted me to talk to my bosses, one of whom not only endorsed my idea of publicly releasing this code, but did so enthusiastically. My thanks to Toronto Public Library for that. And so I give you:
https://github.com/gilesorr/robotface-utils
(The naming is a weird story - explanation in the README if you're curious.)
Given a list of fully qualified domain names, the 'chkcertexpiry' script goes to each one, retrieves the TLS certificate, and lists the expiry date and issuer. If the expiry date is soon (number of days settable by a command line switch) the date is colour-highlighted. If there are connection problems, those are noted.
At work, I run this once a week against all the sites I'm responsible for. I don't think we've had an expired cert on any of those domains in the 5-7 years I've been using this script.
I hope people will use this. I welcome comments and suggestions. I'm a little scared of PRs because I've never had to deal with them before ...
Please feel free to share as you think appropriate.
-- Giles https://www.gilesorr.com/ gilesorr@gmail.com --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
Hi Alex. Thanks! That's what every OSS author hopes for. It's great to hear. On Thu, 27 Apr 2023 at 09:35, Alex Kink via talk <talk@gtalug.org> wrote:
Hi Giles. I find your script very useful and have added it to my list of tools.
Thank you!
On Apr 26, 2023, at 08:57, Giles Orr via talk <talk@gtalug.org> wrote:
Three weeks ago I mentioned to a couple people on this mailing list that I'd written a script at work that live-checks TLS certificates across multiple machines. This is a very useful thing to have when one of my jobs is maintaining multiple small websites. One of these people responded that I should give a short talk about this project, and added "Most of us do a little sys-admining and can learn from the pros." At which point I burst out laughing ... and realized Imposter Syndrome had reared its ugly head once again. A "professional" is someone who gets paid to do a job, and I am that. Doesn't mean I feel like a "professional sys-admin," even though I am - more of a professional jack-of-all-trades ... But "Imposter Syndrome" is another huge discussion ... we now return you to our irregularly scheduled programming.
That message prompted me to talk to my bosses, one of whom not only endorsed my idea of publicly releasing this code, but did so enthusiastically. My thanks to Toronto Public Library for that. And so I give you:
https://github.com/gilesorr/robotface-utils
(The naming is a weird story - explanation in the README if you're curious.)
Given a list of fully qualified domain names, the 'chkcertexpiry' script goes to each one, retrieves the TLS certificate, and lists the expiry date and issuer. If the expiry date is soon (number of days settable by a command line switch) the date is colour-highlighted. If there are connection problems, those are noted.
At work, I run this once a week against all the sites I'm responsible for. I don't think we've had an expired cert on any of those domains in the 5-7 years I've been using this script.
I hope people will use this. I welcome comments and suggestions. I'm a little scared of PRs because I've never had to deal with them before ...
Please feel free to share as you think appropriate.
-- Giles https://www.gilesorr.com/ gilesorr@gmail.com --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Giles https://www.gilesorr.com/ gilesorr@gmail.com
Giles, I also wanted to thank you for posting this. I am probably not going to use it, because I use certbot, but the layout and approach shown in your bash script is really interesting. There is a lot to learn, even though I do all of this kind of work with Python. Thanks again! On Wed, 26 Apr 2023 at 08:57, Giles Orr via talk <talk@gtalug.org> wrote:
Three weeks ago I mentioned to a couple people on this mailing list that I'd written a script at work that live-checks TLS certificates across multiple machines. This is a very useful thing to have when one of my jobs is maintaining multiple small websites. One of these people responded that I should give a short talk about this project, and added "Most of us do a little sys-admining and can learn from the pros." At which point I burst out laughing ... and realized Imposter Syndrome had reared its ugly head once again. A "professional" is someone who gets paid to do a job, and I am that. Doesn't mean I feel like a "professional sys-admin," even though I am - more of a professional jack-of-all-trades ... But "Imposter Syndrome" is another huge discussion ... we now return you to our irregularly scheduled programming.
That message prompted me to talk to my bosses, one of whom not only endorsed my idea of publicly releasing this code, but did so enthusiastically. My thanks to Toronto Public Library for that. And so I give you:
https://github.com/gilesorr/robotface-utils
(The naming is a weird story - explanation in the README if you're curious.)
Given a list of fully qualified domain names, the 'chkcertexpiry' script goes to each one, retrieves the TLS certificate, and lists the expiry date and issuer. If the expiry date is soon (number of days settable by a command line switch) the date is colour-highlighted. If there are connection problems, those are noted.
At work, I run this once a week against all the sites I'm responsible for. I don't think we've had an expired cert on any of those domains in the 5-7 years I've been using this script.
I hope people will use this. I welcome comments and suggestions. I'm a little scared of PRs because I've never had to deal with them before ...
Please feel free to share as you think appropriate.
-- Giles https://www.gilesorr.com/ gilesorr@gmail.com --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
participants (3)
-
Alex Kink -
Giles Orr -
William Witteman