From ed2670679087bb52a6362b1240b9eefae976e83e Mon Sep 17 00:00:00 2001 From: Chl Date: Wed, 2 Oct 2019 02:20:14 +0200 Subject: [PATCH] script_refresh-proxied-certs: check expiry dates --- script_refresh-proxied-certs.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/script_refresh-proxied-certs.sh b/script_refresh-proxied-certs.sh index 7b48e18..c9d9a7e 100755 --- a/script_refresh-proxied-certs.sh +++ b/script_refresh-proxied-certs.sh @@ -43,6 +43,12 @@ for i in *.crt; do fi fi fi + + # While we are at it, let's check the expiry dates + if [ "$( date --date="$( openssl x509 -noout -dates -in "$i" | sed -n '/^notAfter/s/^notAfter=//p' )" +%s )" -lt "$(( $( date +%s ) + 86400 ))" ]; then + echo "WARNING: certificate '$i' near or already expired." >&2 + EXIT_STATUS=1 + fi done # Cleanup and exit