README: install and usage
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
parent
428c8b35b2
commit
9b8dbd620c
2 changed files with 44 additions and 5 deletions
37
README.md
37
README.md
|
@ -11,3 +11,40 @@ Arguments passed to the tool are PEM encoded x509 files.
|
|||
No output at all if all good.
|
||||
If any of the PEM x509 files have DNS Names _and_ the notAfter date is within 20day from today, then output text alert to stdout and return non-zero exit code.
|
||||
|
||||
## Install
|
||||
|
||||
```shell
|
||||
go install git.batts.cloud/vbatts/too-soon@latest
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
with the `pem` command you run against PEM files local to the command and return code is the number of certificates that are within the range of being expired, or are already expired:
|
||||
|
||||
```shell
|
||||
root@infra1:~/lb# too-soon pem letsencrypt/live/example.com-0002/fullchain.pem
|
||||
WARN[0000] "letsencrypt/live/example.com-0002/fullchain.pem" : TIME TO RENEW CERTIFICATE (already expired!)
|
||||
WARN[0000] "letsencrypt/live/example.com-0002/fullchain.pem" : 2022-02-01 09:51:49 +0000 UTC
|
||||
WARN[0000] "letsencrypt/live/example.com-0002/fullchain.pem" : [example.com]
|
||||
certificates need to be renewed
|
||||
root@infra1:~/lb# echo $?
|
||||
1
|
||||
```
|
||||
|
||||
By default, if there are no expired certificates, then nothing is printed to stdout.
|
||||
Use the `--debug` flag to see the datetime of the certificates:
|
||||
|
||||
```shell
|
||||
root@infra1:~/lb# too-soon -D pem letsencrypt/live/example.com-0007/fullchain.pem
|
||||
DEBU[0000] "letsencrypt/live/example.com-0007/fullchain.pem" : 2025-04-06 18:47:55 +0000 UTC
|
||||
DEBU[0000] "letsencrypt/live/example.com-0007/fullchain.pem" : [example.com]
|
||||
|
||||
```
|
||||
|
||||
## Combo
|
||||
|
||||
Whether you use a cronjob or a systemd timer, you can chain this command to a daily/weekly job to check an email yourself:
|
||||
|
||||
```shell
|
||||
too-soon pem "fullchain.pem" || mail -s "$(shell hostname): certificates expire soon" webmaster@example.com
|
||||
```
|
||||
|
|
12
main.go
12
main.go
|
@ -72,8 +72,6 @@ func fPEMCheck(ctx context.Context, cmd *cli.Command) error {
|
|||
more := true
|
||||
for more {
|
||||
block, rest := pem.Decode(buf)
|
||||
log.Debugf("%q : %s", file, block.Type)
|
||||
|
||||
cert, err := x509.ParseCertificate(block.Bytes)
|
||||
if err != nil {
|
||||
log.Errorf("%q cert could not be parsed: %s", file, err)
|
||||
|
@ -97,9 +95,13 @@ func fPEMCheck(ctx context.Context, cmd *cli.Command) error {
|
|||
alertTime := cert.NotAfter.Add(hours * time.Hour)
|
||||
today := time.Now()
|
||||
if today.After(alertTime) {
|
||||
log.Warnf("%q : TIME TO RENEW CERTIFICATE (expires in less than %d days)", file, cmd.Int("days"))
|
||||
log.Infof("%q : %v", file, cert.NotAfter)
|
||||
log.Infof("%q : %v", file, cert.DNSNames)
|
||||
if today.After(cert.NotAfter) {
|
||||
log.Warnf("%q : TIME TO RENEW CERTIFICATE (already expired!)", file)
|
||||
} else {
|
||||
log.Warnf("%q : TIME TO RENEW CERTIFICATE (expires in less than %d days)", file, cmd.Int("days"))
|
||||
}
|
||||
log.Warnf("%q : %v", file, cert.NotAfter)
|
||||
log.Warnf("%q : %v", file, cert.DNSNames)
|
||||
retCode++
|
||||
} else {
|
||||
log.Debugf("%q : %v", file, cert.NotAfter)
|
||||
|
|
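Review bot: In the first main.go hunk of fPEMCheck, `block.Bytes` is read right after `pem.Decode(buf)` with no nil check visible, and `pem.Decode` returns a nil block when the buffer holds no PEM data, so an empty file, a non-PEM file, or trailing non-PEM bytes after the last certificate would panic rather than be reported. A guard before the parse, such as `if block == nil { log.Errorf("%q contains no PEM data", file); break }`, would keep the checker from crashing on the files it is meant to watch; whether that case should also bump `retCode` is a policy decision for the author. It would also help to skip blocks whose `block.Type` is not `CERTIFICATE`, so a key file passed by mistake is not handed to `x509.ParseCertificate`. The loop body starts and ends outside the visible hunks, so such a check may already exist there.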