| author | ache <ache@ache.one> | 2025-02-16 09:11:25 +0100 |
|---|---|---|
| committer | ache <ache@ache.one> | 2025-02-16 09:11:25 +0100 |
| commit | a6f03bfad3dca7e9ea335a86f7ca843971e854f5 (patch) | |
| tree | 4c9a1212da91c2e3300265c6a69c5a50ab2bd049 | |
| parent | Update size of download (diff) | |
Add check-certificates command
| -rw-r--r-- | check-certificates.sh | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/check-certificates.sh b/check-certificates.sh
new file mode 100644
index 0000000..2212cde
--- /dev/null
+++ b/check-certificates.sh
@@ -0,0 +1,22 @@
+#!/bin/env bash
+
+CERTIFICATES_DIR="/srv/certs/"
+LOCAL_CA_CERT="${CERTIFICATES_DIR}/"
+
+pushd ${CERTIFICATES_DIR}
+for cert in $(find -name "*.cert"); do
+ if openssl x509 -checkend 345600 -noout -in ${cert}; then
+ echo "${cert} will expire in more than 4 days"
+ else
+ echo "⚠️ ${cert} will expire soon !"
+
+ NEW_CSR=$(echo ${cert} | sed 's/.cert/.csr/')
+ CERT_KEY=$(echo ${cert} | sed 's/.cert/.key/')
+ CERT_CONFIG=$(echo ${cert} | sed 's/.cert/.conf/')
+
+ @echo "Renewing ${cert}"
+ @echo "Creating new CSR"
+ openssl req -new -key ${CERT_KEY} -out $NEW_CSR -config $CERT_CONFIG
+ echo "Renewing certificate"
+ openssl x509 -req -CA $LOCAL_CA_CERT -CAkey $LOCAL_CA_KEY -in $NEW_CSR -out $cert -days 10 -CAcreateserial -extensions v3_ext -extfile $CERT_CONFIG -sha256
+done |
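Review bot: The `else` branch of check-certificates.sh cannot run as committed: the `if` is never closed with `fi` before `done`, the two `@echo` lines are make syntax rather than shell, and `$LOCAL_CA_KEY` is never assigned while `LOCAL_CA_CERT` expands to the directory `/srv/certs//` rather than a file. The unclosed `if` should make bash reject the whole loop, so expiring certificates would be neither reported nor renewed. The signing step also writes directly to `-out $cert`, so a failed signing run may leave the live certificate empty or truncated; signing into a sibling file and moving it into place only on success avoids that. Expansions should be quoted, and the suffix is better swapped with `${cert%.cert}` than with the unanchored `sed 's/.cert/.csr/'`, which rewrites the first match of any character followed by `cert` anywhere in the path.

```shell
# LOCAL_CA_CERT must name the CA certificate file, not the directory;
# LOCAL_CA_KEY has to be provided before anything is signed.
: "${LOCAL_CA_KEY:?path to the CA private key must be set}"
[[ -f "$LOCAL_CA_CERT" ]] || { echo "CA certificate not found: $LOCAL_CA_CERT" >&2; exit 1; }

# … unchanged: pushd, for loop header, -checkend test and its message …
  else
    base="${cert%.cert}"
    new_cert="${cert}.new"
    echo "Renewing ${cert}"
    if openssl req -new -key "${base}.key" -out "${base}.csr" -config "${base}.conf" &&
       openssl x509 -req -CA "$LOCAL_CA_CERT" -CAkey "$LOCAL_CA_KEY" \
         -in "${base}.csr" -out "$new_cert" -days 10 -CAcreateserial \
         -extensions v3_ext -extfile "${base}.conf" -sha256; then
      # Replace the live certificate only after signing succeeded.
      mv -- "$new_cert" "$cert"
    else
      rm -f -- "$new_cert"
      echo "Renewal of ${cert} failed" >&2
    fi
  fi
done
```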