Adding the SSL expiry monitor

2016-03-16 16:49:56 +01:00 · 2016-03-16 16:49:56 +01:00 · 4dd44366e1
parent 9846fb820f
commit 4dd44366e1
2 changed files with 24 additions and 0 deletions
--- a/sslexpiry.py
+++ b/sslexpiry.py
@ -0,0 +1,17 @@
+#!/usr/bin/python3
+
+import ast, datetime, setuptools, ssltools, twitools
+
+if __name__ == "__main__":
+ hosts = ast.literal_eval(setuptools.getSetting("SSL", "hosts"))
+ pbefore = int(setuptools.getSetting("SSL", "pbefore"))
+ pafter = int(setuptools.getSetting("SSL", "pafter"))
+
+ for h in hosts:
+  expiry = ssltools.getRemoteExpiry(h[0], h[1])
+  diff = expiry - datetime.datetime.now()
+  if diff < datetime.timedelta(days=pbefore):
+   if expiry > datetime.datetime.now():
+    print("@%s %s certificate expiring soon (%s). Please renew." % (h[2], h[0], expiry))
+   elif expiry + datetime.timedelta(days=pafter) < datetime.datetime.now():
+    print("@%s %s certificate has expired! (%s) Please renew ASAP!" % (h[2], h[0], expiry))
--- a/ssltools/init.py
+++ b/ssltools/init.py
@ -0,0 +1,7 @@
+import datetime, OpenSSL, ssl
+
+def getRemoteCert(host, port):
+ return ssl.get_server_certificate((host, port))
+
+def getRemoteExpiry(host,port):
+ return datetime.datetime.strptime(str(OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, getRemoteCert(host, port)).get_notAfter().decode("UTF-8")), "%Y%m%d%H%M%SZ")