Skip to content
/ cert-expiry-bot Public

Monitors SSL certificates for domains listed in cert_expiry_bot.txt and sends notifications if they expire within 14 or 7 days (configurable).

License

MIT license
7 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

PaulSorensen/cert-expiry-bot

BranchesTags

Repository files navigation

Cert Expiry Bot

Badge Badge

Cert Expiry Bot is a Bash script that monitors SSL certificates for multiple domains and sends notifications if they are expiring soon. It checks for expirations within 14 and 7 days (configurable), and includes error handling for invalid domains or missing certificates.

Features

  • Monitors SSL certificates for multiple domains.
  • Sends notifications for certificates expiring within configurable thresholds.
  • Supports multiple notification methods:
    • ntfy
    • Telegram Bot
    • Webhook
  • Includes error handling for invalid domains or missing certificates.
  • Easy configuration via .env and .conf files.

Requirements

  • curl and openssl must be installed.
  • At least one notification method must be configured in .env.

Usage

  1. Configure environment:

    • Copy .env.example to .env:

      cp .env.example .env

    • Edit .env and set one or more of the following:

      # ntfy
NTFY_TOPIC=server-topic-123

# Telegram
TELEGRAM_BOT_TOKEN=1234567890:ABC
TELEGRAM_CHAT_ID=9876543210

# Webhook
WEBHOOK_URL=https://webhook.domain.com/endpoint

    • Secure the file:

      chmod 600 .env

  2. Add domains to monitor:

    • Copy cert_expiry_bot.txt.example to cert_expiry_bot.txt:

      cp cert_expiry_bot.txt.example cert_expiry_bot.txt

    • Edit cert_expiry_bot.txt and add one domain per line (e.g., domain1.com).

  3. Configure thresholds:

    • Edit cert_expiry_bot.conf and adjust if needed, or leave default values:

      EXPIRATION_TIME_SHORT=7
EXPIRATION_TIME_LONG=14

  4. Make the script executable:

    chmod +x cert_expiry_bot.sh

  5. Test the script:

    • To test, set EXPIRATION_TIME_LONG to 90 in cert_expiry_bot.conf (since domains typically renew 30 days before expiry, this will likely trigger alerts for most domains).

    • Run the script manually:

      ./cert_expiry_bot.sh

  6. Schedule a cron job:

    • Edit your crontab:

      crontab -e

    • Add this line to run every day at 12:00:

      0 12 * * * /path/to/cert_expiry_bot.sh

Important Notes

  • The script uses openssl to check SSL certificates, so the domains must be accessible over HTTPS on port 443.

Author

Paul Sørensen
https://paulsorensen.io
https://github.com/paulsorensen

Support

If you found this project useful, a small tip is appreciated ❤️
https://buymeacoffee.com/paulsorensen

License

This project is licensed under the MIT License.
See LICENSE for details.

About

Monitors SSL certificates for domains listed in cert_expiry_bot.txt and sends notifications if they expire within 14 or 7 days (configurable).

Topics

linux shell bash open-source ssl-certificates openssl-tools

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages