vbatts/too-soon
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

README: install and usage

Browse source 
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
This commit is contained in:
Vincent Batts 2025-02-17 15:29:10 -05:00
parent 428c8b35b2
commit 9b8dbd620c
Signed by: vbatts
GPG key ID: E30EFAA812C6E5ED
2 changed files with 44 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

37
README.md
View file

@ -11,3 +11,40 @@ Arguments passed to the tool are PEM encoded x509 files.
No output at all if all good.
If any of the PEM x509 files have DNS Names _and_ the notAfter date is within 20day from today, then output text alert to stdout and return non-zero exit code.
## Install
```shell
go install git.batts.cloud/vbatts/too-soon@latest
```
## Usage
with the `pem` command you run against PEM files local to the command and return code is the number of certificates that are within the range of being expired, or are already expired:
```shell
root@infra1:~/lb# too-soon pem letsencrypt/live/example.com-0002/fullchain.pem
WARN[0000] "letsencrypt/live/example.com-0002/fullchain.pem" : TIME TO RENEW CERTIFICATE (already expired!)
WARN[0000] "letsencrypt/live/example.com-0002/fullchain.pem" : 2022-02-01 09:51:49 +0000 UTC
WARN[0000] "letsencrypt/live/example.com-0002/fullchain.pem" : [example.com]
certificates need to be renewed
root@infra1:~/lb# echo $?
1
```
By default, if there are no expired certificates, then nothing is printed to stdout.
Use the `--debug` flag to see the datetime of the certificates:
```shell
root@infra1:~/lb# too-soon -D pem letsencrypt/live/example.com-0007/fullchain.pem
DEBU[0000] "letsencrypt/live/example.com-0007/fullchain.pem" : 2025-04-06 18:47:55 +0000 UTC
DEBU[0000] "letsencrypt/live/example.com-0007/fullchain.pem" : [example.com]
```
## Combo
Whether you use a cronjob or a systemd timer, you can chain this command to a daily/weekly job to check an email yourself:
```shell
too-soon pem "fullchain.pem" || mail -s "$(shell hostname): certificates expire soon" webmaster@example.com
```

10
main.go
View file

@ -72,8 +72,6 @@ func fPEMCheck(ctx context.Context, cmd *cli.Command) error {
more := true
for more {
block, rest := pem.Decode(buf)
log.Debugf("%q : %s", file, block.Type)
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
log.Errorf("%q cert could not be parsed: %s", file, err)
@ -97,9 +95,13 @@ func fPEMCheck(ctx context.Context, cmd *cli.Command) error {
alertTime := cert.NotAfter.Add(hours * time.Hour)
today := time.Now()
if today.After(alertTime) {
if today.After(cert.NotAfter) {
log.Warnf("%q : TIME TO RENEW CERTIFICATE (already expired!)", file)
} else {
log.Warnf("%q : TIME TO RENEW CERTIFICATE (expires in less than %d days)", file, cmd.Int("days"))
log.Infof("%q : %v", file, cert.NotAfter)
log.Infof("%q : %v", file, cert.DNSNames)
}
log.Warnf("%q : %v", file, cert.NotAfter)
log.Warnf("%q : %v", file, cert.DNSNames)
retCode++
} else {
log.Debugf("%q : %v", file, cert.NotAfter)