*: basics of a DNS cert expiration alart

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2025-02-15 10:26:35 -05:00 · 2025-02-15 10:26:35 -05:00 · 82905131cc
commit 82905131cc
parent 96f3bff8d3
2 changed files with 78 additions and 0 deletions
--- a/go.mod
+++ b/go.mod
@ -0,0 +1,8 @@
 module git.batts.cloud/vbatts/too-soon
 go 1.22.5
 require (
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect
 )
--- a/main.go
+++ b/main.go
@ -0,0 +1,70 @@
 package main
 import (
 	"crypto/x509"
 	"encoding/pem"
 	"flag"
 	"os"
 	"time"
 	log "github.com/sirupsen/logrus"
 )
 func main() {
 	fDays := flag.Int("d", 20, "number of days to alert on")
 	fDebug := flag.Bool("D", false, "debug mode")
 	flag.Parse()
 	if *fDebug {
 		log.SetLevel(log.DebugLevel)
 	}
 	for _, file := range flag.Args() {
 		var certs []*x509.Certificate
 		buf, err := os.ReadFile(file)
 		if err != nil {
 			log.Errorf("%q could not be read: %s", file, err)
 			continue
 		}
 		more := true
 		for more {
 			block, rest := pem.Decode(buf)
 			log.Debugf("%q : %s", file, block.Type)
 			cert, err := x509.ParseCertificate(block.Bytes)
 			if err != nil {
 				log.Errorf("%q cert could not be parsed: %s", file, err)
 				continue
 			}
 			certs = append(certs, cert)
 			if len(rest) == 0 {
 				more = false
 			}
 			// reset the buffer if there is more
 			buf = rest
 		}
 		for _, cert := range certs {
 			if len(cert.DNSNames) == 0 {
 				continue
 			}
 			hours := time.Duration(*fDays * -24)
 			alertTime := cert.NotAfter.Add(hours * time.Hour)
 			today := time.Now()
 			if today.After(alertTime) {
 				log.Warnf("%q : TIME TO RENEW CERTIFICATE (expires in less than %d days)", file, *fDays)
 				log.Infof("%q : %v", file, cert.NotAfter)
 				log.Infof("%q : %v", file, cert.DNSNames)
 			} else {
 				log.Debugf("%q : %v", file, cert.NotAfter)
 				log.Debugf("%q : %v", file, cert.DNSNames)
 			}
 		}
 	}
 }