Comment by geofft

4 years ago

You can do this with the following crappy cronjob (monitoring the machine where your cronjobs run is left as an exercise to the reader / is why you'd want to pay someone to deal with it):

    0 0 * * * openssl s_client -showcerts -connect news.ycombinator.com:443 </dev/null 2>/dev/null | openssl x509 -checkend 864000 >/dev/null || echo "Certificate is expiring"

Assuming your system has local mail (via the sendmail command) working, this will send you an email if your certificate expires in the next 864000 seconds = 10 days. If you have an MTA installed but don't use local mail on the machine, you can use the MAILTO feature to send it to your normal email address.

4 comments

geofft

atok1 4 years ago

That's pretty useful, thanks.

I can setup a monitor (FOSS) for the computer that is doing the site monitoring, since I only use open source software that I can inspect.

oars 4 years ago

Great one liner to monitor expiring certs, thanks.

amozoss 4 years ago

Could pipe it to pushback.io too, super easy way to setup push notifications to your phone

oars 4 years ago

Pushback looks fantastic, thank you for sharing.