Start reminding about expiry at 21 days
[chef.git] / cookbooks / letsencrypt / files / default / bin / check-certificate
1 #!/usr/bin/ruby
2
3 require "net/http"
4
5 domain = ARGV.first
6
7 begin
8   connection = Net::HTTP.start(domain, :use_ssl => true)
9   certificate = connection.peer_cert
10
11   if Time.now < certificate.not_before
12     puts "Certificate #{domain} not valid until #{certificate.not_before}"
13   elsif certificate.not_after - Time.now < 21 * 86400
14     puts "Certificate #{domain} expires at #{certificate.not_after}"
15   else
16     subject_alt_name = certificate.extensions.find { |e| e.oid == "subjectAltName" }
17
18     if subject_alt_name.nil?
19       puts "Certificate #{domain} has no subjectAltName"
20     else
21       alt_names = subject_alt_name.value.split(/\s*,\s*/).sort
22
23       ARGV.sort.each do |expected|
24         puts "Certificate #{domain} is missing subjectAltName #{expected}" unless alt_names.shift == "DNS:#{expected}"
25       end
26
27       alt_names.each do |name|
28         puts "Certificate #{domain} has unexpected subjectAltName #{name}"
29       end
30     end
31   end
32
33   connection.finish
34 rescue StandardError => error
35   puts "Error connecting to #{domain}: #{error.message}"
36 end