author | Erich Eckner <git@eckner.net> | 2019-06-25 09:52:30 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-06-25 09:52:30 +0200 |
commit | 5efdb623bc26c480848c208cca8088d5327d8f4b (patch) | |
tree | 2d25016c14d796b1d9f13a19421d139faa4af8ed | |
download | letsencrypt-all-clear-giver-5efdb623bc26c480848c208cca8088d5327d8f4b.tar.xz |
initial commit
-rwxr-xr-x | check-email | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/check-email b/check-email
new file mode 100755
index 0000000..55d36c5
--- /dev/null
+++ b/check-email
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+if [ $# -eq 0 ]; then
+ mail=$(cat)
+else
+ mail=$(cat "$1")
+fi
+
+header=$(
+ printf '%s\n' "${mail}" | \
+ sed '/^$/q'
+)
+
+if ! printf '%s\n' "${header}" | \
+ grep -q '^From expiry@letsencrypt\.org' || \
+ ! printf '%s\n' "${header}" | \
+ grep -qxF 'From: Let'"'"'s Encrypt Expiry Bot <expiry@letsencrypt.org>'; then
+ >&2 echo 'This mail is not from letsencrypt'"'"'s Expiry Bot - ignoring.'
+ exit
+fi
+
+claimed_expire_date=$(
+ date -d"$(
+ printf '%s\n' "${mail}" | \
+ sed '
+ s/^.*Your certificate (or certificates) for the names listed below will expire in [0-9]\+ days\? (on \([^)]\+\))\..*$/\1/
+ t
+ d
+ '
+ )" '+%s'
+)
+
+domains=$(
+ printf '%s\n' "${mail}" | \
+ sed -n '
+ / for details\.$/,/^For any questions or support, / {
+ /^$/,/^$/ {
+ /^$/! p
+ }
+ }
+ '
+)
+
+if [ -z "${domains}" ] || [ -z "${claimed_expire_date}" ]; then
+ >&2 echo 'Could not extract domains/expiration date from letsencrypt email - did the format change?'
+ exit 1
+fi
+
+exit_code=0
+
+for domain in ${domains}; do
+ real_expire_date=$(
+ date -d"$(
+ openssl s_client -showcerts -servername "${domain}" -connect "${domain}:443" </dev/null 2>/dev/null | \
+ openssl x509 -noout -dates | \
+ sed '
+ s/^notAfter=//
+ t
+ d
+ '
+ )" '+%s'
+ )
+ if [ -z "${real_expire_date}" ]; then
+ >&2 printf 'could not determine expiration date of cert for %s\n' \
+ "${domain}"
+ exit_code=2
+ fi
+ if [ ${claimed_expire_date} -ge ${real_expire_date} ]; then
+ >&2 printf 'certificate for %s really expires!\n' \
+ "${domain}"
+ if [ ${exit_code} -le 1 ]; then
+ exit_code=1
+ fi
+ fi
+done
+
+exit ${exit_code} |
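Review bot: The two `-z` checks on `claimed_expire_date` and `real_expire_date` cannot fire with GNU date, because `date -d ""` succeeds and prints midnight of the current day when the inner sed or openssl pipeline yields nothing. For the mail date this fails open: if only the expiry sentence changes, the claimed expiry becomes "today", every live certificate compares as later, and the script exits 0. For the certificate date, a failed TLS connection is reported as "really expires" instead of exit code 2. The extracted text should be tested for emptiness before it reaches `date`, and the loop should `continue` after setting `exit_code=2` so the numeric test never sees a missing value. Separately, `for domain in ${domains}` word-splits and globs text taken from the mail body, and the only gate before connecting to those names is the two `From` line checks, which the sender controls, so `set -f` plus a hostname-pattern check before the loop would be worth adding.

```shell
claimed_expire_text=$(
  # … unchanged: printf | sed pipeline that extracts the "(on …)" date …
)
if [ -z "${claimed_expire_text}" ] || \
   ! claimed_expire_date=$(date -d"${claimed_expire_text}" '+%s'); then
  >&2 echo 'Could not extract domains/expiration date from letsencrypt email - did the format change?'
  exit 1
fi

# … unchanged: domains extraction and its emptiness check …

for domain in ${domains}; do
  not_after=$(
    # … unchanged: openssl s_client | openssl x509 | sed pipeline …
  )
  if [ -z "${not_after}" ] || \
     ! real_expire_date=$(date -d"${not_after}" '+%s'); then
    >&2 printf 'could not determine expiration date of cert for %s\n' \
      "${domain}"
    exit_code=2
    continue
  fi
  # … unchanged: comparison against claimed_expire_date …
```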