authorErich Eckner <git@eckner.net>2019-06-25 09:52:30 +0200
committerErich Eckner <git@eckner.net>2019-06-25 09:52:30 +0200
commit5efdb623bc26c480848c208cca8088d5327d8f4b (patch)
tree2d25016c14d796b1d9f13a19421d139faa4af8ed
downloadletsencrypt-all-clear-giver-5efdb623bc26c480848c208cca8088d5327d8f4b.tar.xz
initial commit
-rwxr-xr-xcheck-email77
1 files changed, 77 insertions, 0 deletions
diff --git a/check-email b/check-email
new file mode 100755
index 0000000..55d36c5
--- /dev/null
+++ b/check-email
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+if [ $# -eq 0 ]; then
+ mail=$(cat)
+else
+ mail=$(cat "$1")
+fi
+
+header=$(
+ printf '%s\n' "${mail}" | \
+ sed '/^$/q'
+)
+
+if ! printf '%s\n' "${header}" | \
+ grep -q '^From expiry@letsencrypt\.org' || \
+ ! printf '%s\n' "${header}" | \
+ grep -qxF 'From: Let'"'"'s Encrypt Expiry Bot <expiry@letsencrypt.org>'; then
+ >&2 echo 'This mail is not from letsencrypt'"'"'s Expiry Bot - ignoring.'
+ exit
+fi
+
+claimed_expire_date=$(
+ date -d"$(
+ printf '%s\n' "${mail}" | \
+ sed '
+ s/^.*Your certificate (or certificates) for the names listed below will expire in [0-9]\+ days\? (on \([^)]\+\))\..*$/\1/
+ t
+ d
+ '
+ )" '+%s'
+)
+
+domains=$(
+ printf '%s\n' "${mail}" | \
+ sed -n '
+ / for details\.$/,/^For any questions or support, / {
+ /^$/,/^$/ {
+ /^$/! p
+ }
+ }
+ '
+)
+
+if [ -z "${domains}" ] || [ -z "${claimed_expire_date}" ]; then
+ >&2 echo 'Could not extract domains/expiration date from letsencrypt email - did the format change?'
+ exit 1
+fi
+
+exit_code=0
+
+for domain in ${domains}; do
+ real_expire_date=$(
+ date -d"$(
+ openssl s_client -showcerts -servername "${domain}" -connect "${domain}:443" </dev/null 2>/dev/null | \
+ openssl x509 -noout -dates | \
+ sed '
+ s/^notAfter=//
+ t
+ d
+ '
+ )" '+%s'
+ )
+ if [ -z "${real_expire_date}" ]; then
+ >&2 printf 'could not determine expiration date of cert for %s\n' \
+ "${domain}"
+ exit_code=2
+ fi
+ if [ ${claimed_expire_date} -ge ${real_expire_date} ]; then
+ >&2 printf 'certificate for %s really expires!\n' \
+ "${domain}"
+ if [ ${exit_code} -le 1 ]; then
+ exit_code=1
+ fi
+ fi
+done
+
+exit ${exit_code}
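Review bot: The `-z` checks on `claimed_expire_date` and `real_expire_date` cannot fire when the inner pipeline yields nothing, because GNU `date -d""` accepts an empty string and prints today's midnight instead of failing. If the mail format changes so that the expiry sentence no longer matches while the domain list still does, the claimed date becomes today, the `-ge` test is false for every certificate that is still valid, and the script exits 0, a silent all-clear; the "could not determine expiration date" branch is unreachable for the same reason, although there the fallback errs towards a warning. Capture the raw text and test it before converting, e.g. `raw=$(printf '%s\n' "${mail}" | sed '…')`, `[ -n "${raw}" ] || exit 1`, then `claimed_expire_date=$(date -d"${raw}" '+%s')`, and do the same around the `openssl x509` pipeline with `continue` after setting `exit_code=2`. Separately, `for domain in ${domains}` word-splits and glob-expands text from a mail whose origin is judged only by `From` lines the sender controls, so reading the names with `while IFS= read -r domain` and rejecting anything that is not a plain hostname (or not one of your own domains) before the `openssl s_client` call would be safer.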