SSL certificate expiration check has been added to the daily maintenance.

tools/check_certificates

@@ -0,0 +1,95 @@
+#!/bin/bash
+#
+# A humble script to check the expiration of this web service certificates.
+# It uses the ssl-cert-check worker utility, which should be somewhere in path.
+# Sends an email notification when any certificate is about to expire.
+# See https://github.com/Matty9191/ssl-cert-check for details.
+#
+# Author: Kovács Zoltán <kovacsz@marcusconsulting.hu>
+# 2026-02-16 v0.1 Initial release
+
+# Accepted environment variables and their defaults.
+PAR_BASEDIR=${PAR_BASEDIR:-""}                  # Service's base folder
+
+# Other initialisations.
+ALERTEMAIL="$USER@$HOSTNAME"			# Alert notification recipient
+ALERTEXPIRY=14					# Days to alert before expiry
+CERTFILES="-name *.cer -o -name *.crt -o -name *.pem"
+CERTFOLDERS="configs/acme configs/certs"	# Files and folders to check
+WORKERNAME="ssl-cert-check"			# The 3rd party worker script
+YMLFILE="docker-compose.yml"
+
+# Messages.
+MSG_MISSINGDEP="Fatal: missing dependency"
+MSG_MISSINGYML="Fatal: didn't find the docker-compose.yml file"
+
+# Basic environment settings.
+LANG=C
+LC_ALL=C
+
+# Checks the dependencies.
+TR=$(which tr 2>/dev/null)
+if [ -z "$TR" ]; then echo "$MSG_MISSINGDEP tr."; exit 1 ; fi
+for item in basename dirname find readlink
+do
+    if [ -n "$(which $item)" ]
+    then export $(echo $item | "$TR" '[:lower:]' '[:upper:]' | "$TR" '-' '_')=$(which $item)
+    else echo "$MSG_MISSINGDEP $item." >&2; exit 1; fi
+done
+# All dependencies are available via "$THECOMMAND" (upper case) call.
+
+# Where I'm?
+# https://gist.github.com/TheMengzor/968e5ea87e99d9c41782
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do
+    # resolve $SOURCE until the file is no longer a symlink
+    SCRPATH="$( cd -P "$( "$DIRNAME" "$SOURCE" )" && pwd )" #"
+    SOURCE="$("$READLINK" "$SOURCE")"
+    # if $SOURCE was a relative symlink, we need to resolve it
+    # relative to the path where the symlink file was located
+    [[ $SOURCE != /* ]] && SOURCE="$SCRPATH/$SOURCE"
+done; SCRPATH="$( cd -P "$( "$DIRNAME" "$SOURCE" )" && pwd )" #"
+SCRFILE="$("$BASENAME" "$(test -L "$0" && "$READLINK" "$0" || echo "$0")")" #"
+
+# Searches the base folder, containing a docker-compose.yml file.
+# Called from the base folder (./)?
+BASE_DIR="$PAR_BASEDIR"
+TEST_DIR="$SCRPATH"
+[[ -z "$BASE_DIR" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && BASE_DIR="$TEST_DIR"
+# Called from ./tools?
+TEST_DIR="$("$DIRNAME" "$TEST_DIR")"
+[[ -z "$BASE_DIR" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && BASE_DIR="$TEST_DIR"
+# Called from ./tools/*.d?
+TEST_DIR="$("$DIRNAME" "$TEST_DIR")"
+[[ -z "$BASE_DIR" ]] && [[ -r "$TEST_DIR/$YMLFILE" ]] && BASE_DIR="$TEST_DIR"
+# On failure gives it up here.
+if [ -z "$BASE_DIR" -o ! -r "$BASE_DIR/$YMLFILE" ]; then
+    echo "$MSG_MISSINGYML" >&2; exit 1
+fi
+
+# Locates the worker script.
+WORKERSCRIPT="$SCRPATH/$WORKERNAME"
+[[ ! -x "$WORKERSCRIPT" ]] && WORKERSCRIPT="$(which "$WORKERNAME")"
+[[ ! -x "$WORKERSCRIPT" ]] \
+&& echo -e "$MSG_MISSINGDEP $WORKERNAME." >&2 \
+&& exit 1
+
+# Collects the certificates to be check.
+certificates=""
+for folder in $CERTFOLDERS ""
+do
+    if [ -n "$folder" ]; then
+	certificates+="$("$FIND" "$BASE_DIR/$folder" \( $CERTFILES  \) 2>/dev/null) "
+    fi
+done
+
+# Enumerates and checks the collected certificates.
+# Sends an email notification when expiration is approaching.
+for cert in $certificates ""
+do
+    if [ -n "$cert" ]; then
+	"$WORKERSCRIPT" -c "$cert" -x $ALERTEXPIRY -qae "$ALERTEMAIL"
+    fi
+done
+
+# That's all, Folks! :)