
When I received the first warning email about this, I wrote a simple library and cli to validate all my certs for me.

https://github.com/jgaa/openvalify



I just have a cronjob that does:

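    #!/usr/bin/env bash

    # Check the certificate served for $host on $server:$port and send an
    # email if it expires within the next 7 days (604800 seconds).
    cert_check() {
        server=$1
        host=$2
        port=$3

        # Runs on the remote server; "|| true" keeps the script going when
        # -checkend exits non-zero or the ssh/openssl call fails.
        str=$(ssh "$server" "echo | openssl s_client -servername $host -connect localhost:$port | openssl x509 -noout -checkend 604800") || true
        # Anything other than the "will not expire" message triggers the alert.
        if ! echo "$str" | grep -q 'Certificate will not expire' ; then
            echo "$str" | ./send-email.py "Certificate \"$host\" on $server will expire in 7 days"
        fi
    }

    cert_check name myserver.com 443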


If you’re automating the check why not automate the renewal directly?


I've missed expired certificates because of a configuration issue that broke the certbot automation. Granted, I could've read the certbot journalctl output, but 99.9% of the time that's a waste of time. Not like there was anything mission-critical on there.


Who says they don't have the renewal automated?




