2005-02-15 16:30:01 +00:00
|
|
|
#!/bin/bash
|
2004-09-10 14:16:06 +00:00
|
|
|
#
|
|
|
|
# Issue warning e-mails if SSL certificates expire, using
|
|
|
|
# certwatch(8). Set NOCERTWATCH=yes in /etc/sysconfig/httpd
|
|
|
|
# to disable.
|
|
|
|
#
|
|
|
|
|
|
|
|
[ -r /etc/sysconfig/httpd ] && . /etc/sysconfig/httpd
|
|
|
|
|
|
|
|
# Use configured httpd binary
|
|
|
|
httpd=${HTTPD-/usr/sbin/httpd}
|
|
|
|
|
|
|
|
# Sanity checks
|
|
|
|
test -z "${NOCERTWATCH}" || exit 0
|
|
|
|
test -x ${httpd} || exit 0
|
|
|
|
test -x /usr/bin/certwatch || exit 0
|
|
|
|
test -r /etc/httpd/conf/httpd.conf || exit 0
|
|
|
|
test -x /usr/sbin/sendmail || exit 0
|
|
|
|
test -x /etc/httpd/modules/mod_ssl.so || exit 0
|
2005-02-15 16:30:01 +00:00
|
|
|
test -x /bin/sort || exit 0
|
2004-09-10 14:16:06 +00:00
|
|
|
|
2005-02-15 16:30:01 +00:00
|
|
|
set -o pipefail # pick up exit code of httpd not sort
|
|
|
|
|
|
|
|
certs=`${httpd} -t -DDUMP_CERTS 2>/dev/null | /bin/sort -u`
|
2004-09-10 14:16:06 +00:00
|
|
|
RETVAL=$?
|
|
|
|
test $RETVAL -eq 0 || exit 0
|
|
|
|
|
|
|
|
for c in $certs; do
|
|
|
|
# Check whether a warning message is needed, then issue one if so.
|
|
|
|
/usr/bin/certwatch -q "$c" &&
|
|
|
|
/usr/bin/certwatch "$c" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
|
|
|
|
done
|