I. Script approach
1. Use openssl s_client to obtain the certificate's validity period
2. Convert the relevant times to timestamps, then to a number of days
3. Call a DingTalk group robot to send the certificate-expiry warning
# cat ssl_validity_alarm.sh
#############################################################
#!/bin/bash
# Load environment variables
. /etc/profile
. ~/.bash_profile
. /etc/bashrc
# Domain name and port to check
domain_name="www.example.com"
domain_port="443"
advance_warning_days="300"
# Get the script's directory and the script's name
script_dir=$( cd "$( dirname "$0" )" && pwd )
script_name=$(basename "${0}")
# DingTalk group robot webhook URL
robot_webhook_url="https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxxx"
# Define the DingTalk robot alert function
send_robot_warning() {
  curl -X POST "${robot_webhook_url}" \
    -H 'Content-Type: application/json' \
    -d ' {"msgtype": "text", "text": {"content": "'"$1"'"}}'
}
# Use openssl to get the expiry date of the domain's certificate
cert_end_time=$(echo | openssl s_client -servername "${domain_name}" -connect "${domain_name}:${domain_port}" 2>/dev/null | openssl x509 -noout -dates 2>/dev/null | grep 'After' | awk -F '=' '{print $2}' | awk -F ' +' '{print $1,$2,$4 }' )
# Stop if no certificate was retrieved; otherwise date would parse an empty string
if [ -z "${cert_end_time}" ]; then
  echo "Failed to get the certificate for ${domain_name}:${domain_port}" >&2
  exit 1
fi
# Convert the certificate expiry date to a timestamp
cert_end_timestamp=$(date +%s -d "$cert_end_time")
# Convert the current date to a timestamp
now_timestamp=$(date +%s)
# Subtract the current time from the expiry time, then convert to days
rest_time=$(( (cert_end_timestamp - now_timestamp) / (60*60*24) ))
# Prints "Certificate valid days remaining: N"
echo "證書有效天數剩余:${rest_time}"
if [ "${rest_time}" -lt "${advance_warning_days}" ];then
  # Message: "<domain> SSL certificate is valid for fewer than N days and is at risk of expiring, please take note!"
  send_robot_warning "${domain_name} SSL證書有效期少于${advance_warning_days}天,存在過期風險,請關注!"
fi
#############################################################
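The expiry calculation from the script, as an added example that is not part of the original script: it keeps the certificate's time of day and GMT zone, reports expired certificates as negative days, and treats an empty notAfter line (for example after a failed handshake) as an error instead of a date. The function names and the sample notAfter lines are constructed for illustration, and GNU date is assumed, as in the script above.

```shell
#!/bin/bash
# Added example; function names are hypothetical, sample values are constructed.
# Assumes GNU date, like the `date -d` calls in the script above.

# Strip the "notAfter=" prefix from an `openssl x509 -noout -enddate` line.
parse_not_after() {
  printf '%s\n' "$1" | sed -n 's/^notAfter=//p'
}

# days_remaining <notAfter line> <now epoch>
# Prints whole days until expiry (negative once expired).
# Returns 2 when the line is empty or unparsable (e.g. the handshake failed).
days_remaining() {
  local end_str end_ts diff
  end_str=$(parse_not_after "$1")
  [ -n "$end_str" ] || return 2
  # Keep the time of day and the GMT zone instead of truncating to the date.
  end_ts=$(date -u -d "$end_str" +%s 2>/dev/null) || return 2
  diff=$(( end_ts - $2 ))
  # Round toward minus infinity so "expired an hour ago" is -1, not 0.
  if [ "$diff" -lt 0 ]; then
    echo $(( (diff - 86399) / 86400 ))
  else
    echo $(( diff / 86400 ))
  fi
}

# cert_status <notAfter line> <now epoch> <warning days>
# Prints OK, WARN, EXPIRED or UNKNOWN.
cert_status() {
  local days
  days=$(days_remaining "$1" "$2") || { echo "UNKNOWN"; return 0; }
  if [ "$days" -lt 0 ]; then
    echo "EXPIRED"
  elif [ "$days" -lt "$3" ]; then
    echo "WARN"
  else
    echo "OK"
  fi
}

# Constructed samples; "now" is fixed at 2030-01-01 00:00:00 UTC.
now=1893456000
cert_status "notAfter=Mar  1 12:00:00 2030 GMT" "$now" 30
cert_status "notAfter=Jan 15 00:00:00 2030 GMT" "$now" 30
cert_status "notAfter=Dec 31 23:00:00 2029 GMT" "$now" 30
cert_status "" "$now" 30
```

In a monitoring script, the first argument would be the output of `openssl x509 -noout -enddate` and the second `$(date +%s)`; an UNKNOWN result deserves its own alert, since it means the certificate could not be read at all.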
II. Notes on creating the DingTalk group robot
1. Enable message push
2. Set a custom keyword; every message sent must contain the custom keyword
3. Do not enable signing
III. Testing the script
# sh ssl_validity_alarm.sh