crypto-utils/certwatch.cron

34 lines
1.0 KiB
Plaintext
Raw Normal View History

#!/bin/bash
#
# Issue warning e-mails if SSL certificates expire, using
# certwatch(1). Set NOCERTWATCH=yes in /etc/sysconfig/httpd
# to disable. Pass additional options to certwatch in the
# CERTWATCH_OPTS variable; see the man page for details.
#
[ -r /etc/sysconfig/httpd ] && . /etc/sysconfig/httpd
# Use configured httpd binary
httpd=${HTTPD-/usr/sbin/httpd}
# Sanity checks
test -z "${NOCERTWATCH}" || exit 0
test -x ${httpd} || exit 0
test -x /usr/bin/certwatch || exit 0
test -r /etc/httpd/conf/httpd.conf || exit 0
test -x /usr/sbin/sendmail || exit 0
test -x /etc/httpd/modules/mod_ssl.so || exit 0
test -x /bin/sort || exit 0
set -o pipefail # pick up exit code of httpd not sort
certs=`${httpd} ${OPTIONS} -t -DDUMP_CERTS 2>/dev/null | /bin/sort -u`
RETVAL=$?
test $RETVAL -eq 0 || exit 0
for c in $certs; do
# Check whether a warning message is needed, then issue one if so.
/usr/bin/certwatch $CERTWATCH_OPTS -q "$c" &&
/usr/bin/certwatch $CERTWATCH_OPTS "$c" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
done