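#!/bin/bash
#
# A humble script to check the expiration of this web service's certificates.
# It uses the ssl-cert-check worker utility, which should be next to this
# script or somewhere in PATH.
# Sends an email notification when any certificate is about to expire.
# See https://github.com/Matty9191/ssl-cert-check for details.
#
# Environment:
#   PAR_BASEDIR  optional; the service's base folder (the one holding
#                docker-compose.yml). When empty, it is searched for in the
#                script's folder, its parent and its grandparent.
# Exit status:
#   1 when a dependency, the docker-compose.yml file or the worker script
#   is missing. The worker's own exit status is not evaluated.
#
# Author: Kovács Zoltán
# 2026-02-16 v0.1 Initial release

# Accepted environment variables and their defaults.
PAR_BASEDIR=${PAR_BASEDIR:-""}          # Service's base folder

# Other initialisations.
# NOTE(review): USER may be unset in a cron environment, which would give a
# recipient of "@host" - confirm how this script is scheduled.
ALERTEMAIL="$USER@$HOSTNAME"            # Alert notification recipient
ALERTEXPIRY=14                          # Days to alert before expiry
# find(1) name tests. Kept as an array with quoted patterns: as an unquoted
# string the shell would glob "*.pem" etc. against the current directory
# before find ever saw them, and certificates could be silently skipped.
CERTFILES=( -name '*.cer' -o -name '*.crt' -o -name '*.pem' )
# Folders to check, relative to the base folder.
CERTFOLDERS=( "configs/acme" "configs/certs" )
WORKERNAME="ssl-cert-check"             # The 3rd party worker script
YMLFILE="docker-compose.yml"

# Messages.
MSG_MISSINGDEP="Fatal: missing dependency"
MSG_MISSINGYML="Fatal: didn't find the docker-compose.yml file"

# Basic environment settings.
# Exported so the child processes (tr, find, the worker) run in the C locale
# as well; a plain assignment reaches them only if the variable was already
# present in the environment.
export LANG=C
export LC_ALL=C

# Checks the dependencies.
# command -v is a shell builtin, so the check itself needs no external tool.
TR=$(command -v tr 2>/dev/null)
if [ -z "$TR" ]; then
  echo "$MSG_MISSINGDEP tr." >&2
  exit 1
fi
for item in basename dirname find readlink
do
  itempath=$(command -v "$item" 2>/dev/null)
  if [ -z "$itempath" ]; then
    echo "$MSG_MISSINGDEP $item." >&2
    exit 1
  fi
  # Upper-cased name with dashes turned into underscores, e.g. find -> FIND.
  varname=$(echo "$item" | "$TR" '[:lower:]' '[:upper:]' | "$TR" '-' '_')
  export "$varname=$itempath"
done
# All dependencies are available via "$THECOMMAND" (upper case) call.

# Where am I?
# https://gist.github.com/TheMengzor/968e5ea87e99d9c41782
SOURCE="${BASH_SOURCE[0]}"
while [ -h "$SOURCE" ]; do
  # Resolve $SOURCE until the file is no longer a symlink.
  SCRPATH="$( cd -P "$( "$DIRNAME" "$SOURCE" )" && pwd )"
  SOURCE="$("$READLINK" "$SOURCE")"
  # If $SOURCE was a relative symlink, we need to resolve it
  # relative to the path where the symlink file was located.
  [[ $SOURCE != /* ]] && SOURCE="$SCRPATH/$SOURCE"
done
SCRPATH="$( cd -P "$( "$DIRNAME" "$SOURCE" )" && pwd )"
# Script file name (not used further in this script).
if [[ -L "$0" ]]; then
  SCRFILE="$("$BASENAME" "$("$READLINK" "$0" || echo "$0")")"
else
  SCRFILE="$("$BASENAME" "$0")"
fi

# Searches the base folder, containing a docker-compose.yml file.
# An explicitly given PAR_BASEDIR wins; otherwise the script's own folder is
# tried (called from ./), then its parent (./tools), then its grandparent
# (./tools/*.d).
BASE_DIR="$PAR_BASEDIR"
TEST_DIR="$SCRPATH"
for _ in 1 2 3
do
  if [[ -z "$BASE_DIR" && -r "$TEST_DIR/$YMLFILE" ]]; then
    BASE_DIR="$TEST_DIR"
  fi
  TEST_DIR="$("$DIRNAME" "$TEST_DIR")"
done
# On failure gives it up here.
if [[ -z "$BASE_DIR" || ! -r "$BASE_DIR/$YMLFILE" ]]; then
  echo "$MSG_MISSINGYML" >&2
  exit 1
fi

# Locates the worker script: next to this script first, then in PATH.
# -f is required as well, because -x alone is also true for a directory
# (e.g. a folder named like the worker sitting next to this script).
WORKERSCRIPT="$SCRPATH/$WORKERNAME"
if [[ ! -f "$WORKERSCRIPT" || ! -x "$WORKERSCRIPT" ]]; then
  WORKERSCRIPT="$(command -v "$WORKERNAME" 2>/dev/null)"
fi
if [[ ! -f "$WORKERSCRIPT" || ! -x "$WORKERSCRIPT" ]]; then
  echo -e "$MSG_MISSINGDEP $WORKERNAME." >&2
  exit 1
fi

# Collects the certificates to be checked.
# Paths are read NUL-delimited into an array, so names containing whitespace
# or glob characters stay intact.
certificates=()
for folder in "${CERTFOLDERS[@]}"
do
  # find's errors are deliberately suppressed: a missing folder is not an
  # error here. Note that an unreadable folder is skipped just as silently.
  while IFS= read -r -d '' cert
  do
    certificates+=( "$cert" )
  done < <("$FIND" "$BASE_DIR/$folder" \( "${CERTFILES[@]}" \) -print0 2>/dev/null)
done

# Enumerates and checks the collected certificates.
# Sends an email notification when expiration is approaching.
# When nothing was collected, nothing is checked and nothing is reported.
for cert in "${certificates[@]}"
do
  "$WORKERSCRIPT" -c "$cert" -x "$ALERTEXPIRY" -qae "$ALERTEMAIL"
done

# That's all, Folks! :)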