Don't check the certificate when the connection failed

author Tom Hughes <tom@compton.nu>

Fri, 26 Jan 2018 15:30:13 +0000 (15:30 +0000)

committer Tom Hughes <tom@compton.nu>

Fri, 26 Jan 2018 15:30:13 +0000 (15:30 +0000)
author Tom Hughes <tom@compton.nu>
Fri, 26 Jan 2018 15:30:13 +0000 (15:30 +0000)
committer Tom Hughes <tom@compton.nu>
Fri, 26 Jan 2018 15:30:13 +0000 (15:30 +0000)
diff --git a/cookbooks/letsencrypt/files/default/bin/check-certificate b/cookbooks/letsencrypt/files/default/bin/check-certificate

index 35fbbed1f7b08405d193595601d4cedff862812e..f3599a36f17b7a1d6d590131b576b377d095521e 100755 (executable)
--- a/cookbooks/letsencrypt/files/default/bin/check-certificate
+++ b/cookbooks/letsencrypt/files/default/bin/check-certificate
@@ -21,13 +21,15 @@ rescue StandardError => error
    puts "Error connecting to #{host}: #{error.message}"
  end
  
-certificate = ssl.peer_cert
+if ssl
+  certificate = ssl.peer_cert
+
+  if Time.now < certificate.not_before
+    puts "Certificate #{domains.first} on #{host} not valid until #{certificate.not_before}"
+  elsif certificate.not_after - Time.now < 21 * 86400
+    puts "Certificate #{domains.first} on #{host} expires at #{certificate.not_after}"
+  end
  
-if Time.now < certificate.not_before
-  puts "Certificate #{domains.first} on #{host} not valid until #{certificate.not_before}"
-elsif certificate.not_after - Time.now < 21 * 86400
-  puts "Certificate #{domains.first} on #{host} expires at #{certificate.not_after}"
-else
    subject_alt_name = certificate.extensions.find { |e| e.oid == "subjectAltName" }
  
    if subject_alt_name.nil?
@@ -47,6 +49,6 @@ else
        puts "Certificate #{domains.first} on #{host} has unexpected subjectAltName #{name}"
      end
    end
-end
  
-ssl.close
+  ssl.close
+end
author	Tom Hughes <tom@compton.nu>
	Fri, 26 Jan 2018 15:30:13 +0000 (15:30 +0000)
committer	Tom Hughes <tom@compton.nu>
	Fri, 26 Jan 2018 15:30:13 +0000 (15:30 +0000)