一、腳本思路

1.openssl s_client? 獲取證書(shū)有效期

2.將相關(guān)時(shí)間做時(shí)間戳轉(zhuǎn)換，轉(zhuǎn)換成天數(shù)

3. 調(diào)用釘釘群組機(jī)器人做證書(shū)有效期預(yù)警

# cat? ssl_validity_alarm.sh

#############################################################

#!/bin/bash

# 加載環(huán)境變量

. /etc/profile

. ~/.bash_profile

. /etc/bashrc

# 被檢測(cè)的域名和端口

domain_name="www.example.com"

domain_port="443"

advance_warning_days="300"

# 獲取腳本所在目錄、腳本名稱(chēng)

script_dir=$( cd "$( dirname "$0"? )" && pwd )

script_name=$(basename ${0})

# 釘釘群組機(jī)器人地址

robot_webhook_url="https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxxx"

# 創(chuàng)建釘釘機(jī)器人告警函數(shù)

send_robot_warning() {

? curl -X POST "${robot_webhook_url}" \

? ? -H 'Content-Type: application/json' \

? ? -d ' {"msgtype": "text", "text": {"content": "'"$1"'"}}'

}

# 用openssl獲取域名的證書(shū)到期日期

cert_end_time=$(echo | openssl s_client -servername ${domain_name} -connect ${domain_name}:${domain_port} 2>/dev/null | openssl x509 -noout -dates |grep 'After'| awk -F '=' '{print $2}'| awk -F ' +' '{print $1,$2,$4 }' )

# 將證書(shū)到期日期轉(zhuǎn)化為時(shí)間戳

cert_end_timestamp=$(date +%s -d "$cert_end_time")

# 將當(dāng)前日期轉(zhuǎn)化為時(shí)間戳

now_timestamp=$(date +%s -d "$(date "+%Y-%m-%d %H:%M:%S")")

# 到期時(shí)間減去目前時(shí)間，再轉(zhuǎn)化為天數(shù)

rest_time=$(($(($cert_end_timestamp - $now_timestamp))/(60*60*24)))

echo "證書(shū)有效天數(shù)剩余：${rest_time}"

if [ "${rest_time}" -lt "${advance_warning_days}" ];then

? send_robot_warning "${domain_name} SSL證書(shū)有效期少于${advance_warning_days}天，存在過(guò)期風(fēng)險(xiǎn)，請(qǐng)關(guān)注！"

fi

#############################################################

二、釘釘群組機(jī)器人創(chuàng)建注意事項(xiàng)

1. 開(kāi)啟消息推送

2. 設(shè)置自定義關(guān)鍵字，而且發(fā)送消息中必須包含自定義關(guān)鍵字

3.不要設(shè)置加簽

三、腳本測(cè)試

# sh? ssl_validity_alarm.sh

四、參考

OpenSSL s_client 獲取keytool證書(shū)和openSSLl證書(shū)

http://www.lxweimin.com/p/09773dc15cbc

OpenSSL Command-Line

https://www.madboa.com/geek/openssl/#cert-retrieve

用shell腳本監(jiān)控https證書(shū)到期時(shí)間

https://blog.slogra.com/post-772.html

https://www.dgstack.cn/archives/3227.html

https://blog.csdn.net/weixin_43876317/article/details/109044133

釘釘開(kāi)放平臺(tái)文檔

https://open.dingtalk.com

https://www.alibabacloud.com/help/zh/doc-detail/108367.htm

https://developers.dingtalk.com/document/app/document-upgrade-notice#/serverapi2/qf2nxq

云之家群組機(jī)器人開(kāi)發(fā)者文檔

https://open.yunzhijia.com/gitbook-wiki/server-api/im-robot.html

使用certbot-auto申請(qǐng)Let’s Encrypt Wildcard證書(shū)

https://blog.slogra.com/post-746.html

PythonN實(shí)現(xiàn)釘釘發(fā)送報(bào)警消息

https://www.freesion.com/article/5057722191

使用python檢查SSL證書(shū)到期情況

https://python.01314.cn/201812519.html