zbx-templates/NGINX/cert-check

#!/bin/bash

host=$1
port=$2
sni=$3
proto=$4

if [ -z "$sni" ]
then
	servername=$host
else
	servername=$sni
fi

if [ -z "$port" ]
then
	port="443"
fi

if [ -n "$proto" ]
then
	starttls="-starttls $proto"
fi

cert_data=`openssl s_client -servername $servername -host $host -port $port $starttls -prexit </dev/null 2>/dev/null | sed -n '/BEGIN CERTIFICATE/,/END CERT/p'`
if [ -n "$cert_data" ]; then
	Rcert=true
	validate_hostname=`echo "$cert_data" | openssl x509 -checkhost  $servername 2>/dev/null | grep 'does NOT match certificate'`
	if [ -z "$validate_hostname" ]; then
		Rhostname=true
	else
		Rhostname=false
	fi
	end_date=`echo "$cert_data" | openssl x509 -dates -noout 2>/dev/null | sed -n 's/ *notAfter=*//p'`
	if [ -n "$end_date" ]; then
		end_date_seconds=`date '+%s' --date "$end_date"`
		now_seconds=`date '+%s'`
		remaining_days=`echo "($end_date_seconds-$now_seconds)/24/3600" | bc`
		if [ "$remaining_days" -lt 0 ]; then
			Rdays=0
		else
			Rdays=$remaining_days
		fi
	else
		echo '-1'
	fi
	issue_dn=`echo "$cert_data" |  openssl x509 -issuer -noout 2>/dev/null | sed -n 's/ *issuer=*//p'`
	if [ -n "$issue_dn" ]; then
		Rissuer=`echo $issue_dn | sed -n -e 's/, CN = / - /g' -e 's/.*O = //p'`
	else
		Rissuer=""
	fi
else
	Rcert=false
fi

echo "{ \"cert\": ${Rcert}, \"valid_hostname\": ${Rhostname}, \"remaining_days\": ${Rdays}, \"issuer\": \"${Rissuer}\"}"
Initial Commit 2021-04-12 23:33:30 +02:00			`#!/bin/bash`

			`host=$1`
			`port=$2`
			`sni=$3`
			`proto=$4`

			`if [ -z "$sni" ]`
			`then`
			`servername=$host`
			`else`
			`servername=$sni`
			`fi`

			`if [ -z "$port" ]`
			`then`
			`port="443"`
			`fi`

			`if [ -n "$proto" ]`
			`then`
			`starttls="-starttls $proto"`
			`fi`

			cert_data=`openssl s_client -servername $servername -host $host -port $port $starttls -prexit </dev/null 2>/dev/null \| sed -n '/BEGIN CERTIFICATE/,/END CERT/p'`
			`if [ -n "$cert_data" ]; then`
			`Rcert=true`
			validate_hostname=`echo "$cert_data" \| openssl x509 -checkhost $servername 2>/dev/null \| grep 'does NOT match certificate'`
			`if [ -z "$validate_hostname" ]; then`
			`Rhostname=true`
			`else`
			`Rhostname=false`
			`fi`
			end_date=`echo "$cert_data" \| openssl x509 -dates -noout 2>/dev/null \| sed -n 's/ notAfter=//p'`
			`if [ -n "$end_date" ]; then`
			end_date_seconds=`date '+%s' --date "$end_date"`
			now_seconds=`date '+%s'`
			remaining_days=`echo "($end_date_seconds-$now_seconds)/24/3600" \| bc`
			`if [ "$remaining_days" -lt 0 ]; then`
			`Rdays=0`
			`else`
			`Rdays=$remaining_days`
			`fi`
			`else`
			`echo '-1'`
			`fi`
			issue_dn=`echo "$cert_data" \| openssl x509 -issuer -noout 2>/dev/null \| sed -n 's/ issuer=//p'`
			`if [ -n "$issue_dn" ]; then`
			Rissuer=`echo $issue_dn \| sed -n -e 's/, CN = / - /g' -e 's/.*O = //p'`
			`else`
			`Rissuer=""`
			`fi`
			`else`
			`Rcert=false`
			`fi`

			`echo "{ \"cert\": ${Rcert}, \"valid_hostname\": ${Rhostname}, \"remaining_days\": ${Rdays}, \"issuer\": \"${Rissuer}\"}"`