expiry-cert.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

#!/bin/bash

# 1st argument should be fqdm
# returns 0 if certificate is expired
function cert_check_expired() {
  SERVERNAME=$1; shift  # for SNI stuff
  IP=$(dig +noall +answer +short $SERVERNAME)
  now_epoch=$(date +%s)

  expiry_date=$(echo | openssl s_client -servername $SERVERNAME -connect $IP:443 2>/dev/null </dev/null | openssl x509 -noout -enddate | cut -d "=" -f 2)
  expiry_epoch=$(date -d "$expiry_date" +%s)
  if [[ $(($expiry_epoch - $now_epoch)) -le 0 ]]; then return 0; fi  # return statement sets the $? variable
}

cert_check_expired "www.fatalhalt.net"
echo $?