From 5efdb623bc26c480848c208cca8088d5327d8f4b Mon Sep 17 00:00:00 2001
From: Erich Eckner
Date: Tue, 25 Jun 2019 09:52:30 +0200
Subject: initial commit
---
 check-email | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100755 check-email
diff --git a/check-email b/check-email
new file mode 100755
index 0000000..55d36c5
--- /dev/null
+++ b/check-email
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+if [ $# -eq 0 ]; then
+ mail=$(cat)
+else
+ mail=$(cat "$1")
+fi
+
+header=$(
+ printf '%s\n' "${mail}" | \
+ sed '/^$/q'
+)
+
+if ! printf '%s\n' "${header}" | \
+ grep -q '^From expiry@letsencrypt\.org' || \
+ ! printf '%s\n' "${header}" | \
+ grep -qxF 'From: Let'"'"'s Encrypt Expiry Bot '; then
+ >&2 echo 'This mail is not from letsencrypt'"'"'s Expiry Bot - ignoring.'
+ exit
+fi
+
+claimed_expire_date=$(
+ date -d"$(
+ printf '%s\n' "${mail}" | \
+ sed '
+ s/^.*Your certificate (or certificates) for the names listed below will expire in [0-9]\+ days\? (on \([^)]\+\))\..*$/\1/
+ t
+ d
+ '
+ )" '+%s'
+)
+
+domains=$(
+ printf '%s\n' "${mail}" | \
+ sed -n '
+ / for details\.$/,/^For any questions or support, / {
+ /^$/,/^$/ {
+ /^$/! p
+ }
+ }
+ '
+)
+
+if [ -z "${domains}" ] || [ -z "${claimed_expire_date}" ]; then
+ >&2 echo 'Could not extract domains/expiration date from letsencrypt email - did the format change?'
+ exit 1
+fi
+
+exit_code=0
+
+for domain in ${domains}; do
+ real_expire_date=$(
+ date -d"$(
+ openssl s_client -showcerts -servername "${domain}" -connect "${domain}:443" /dev/null | \
+ openssl x509 -noout -dates | \
+ sed '
+ s/^notAfter=//
+ t
+ d
+ '
+ )" '+%s'
+ )
+ if [ -z "${real_expire_date}" ]; then
+ >&2 printf 'could not determine expiration date of cert for %s\n' \
+ "${domain}"
+ exit_code=2
+ fi
+ if [ ${claimed_expire_date} -ge ${real_expire_date} ]; then
+ >&2 printf 'certificate for %s really expires!\n' \
+ "${domain}"
+ if [ ${exit_code} -le 1 ]; then
+ exit_code=1
+ fi
+ fi
+done
+
+exit ${exit_code}
-- cgit v1.2.3-54-g00ecf
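Review bot: Both `date -d"$(…)" '+%s'` substitutions hide extraction failures, because GNU date parses an empty string as today at 00:00 instead of failing, so neither `-z` guard can fire for a missing date. If the expiry sentence stops matching, `claimed_expire_date` becomes today's midnight and every certificate with a future notAfter passes silently; if the openssl pipeline yields nothing, `real_expire_date` gets the same value and the host is reported as expiring rather than as undeterminable. Capture the extracted text first, test it for emptiness, convert it only then, and `continue` after setting `exit_code=2` so the numeric test never runs with a missing operand. Separately, the domain list is taken from the mail body and the visible sender check reads only the From lines, so each entry should be matched against a hostname pattern before it reaches `openssl s_client`; the unquoted `${domains}` is also subject to pathname expansion.

```shell
claimed_expire_raw=$(
  # … unchanged: printf | sed extraction of the "(on <date>)" text …
)
# Test the extracted text before date(1) sees it: GNU date maps '' to today 00:00.
if [ -z "${claimed_expire_raw}" ] || \
  ! claimed_expire_date=$(date -d "${claimed_expire_raw}" '+%s'); then
  claimed_expire_date=''
fi

# … unchanged: domains extraction and the combined empty check …

for domain in ${domains}; do
  not_after=$(
    # … unchanged: openssl s_client | openssl x509 | sed pipeline …
  )
  if [ -z "${not_after}" ] || \
    ! real_expire_date=$(date -d "${not_after}" '+%s'); then
    >&2 printf 'could not determine expiration date of cert for %s\n' \
      "${domain}"
    exit_code=2
    continue
  fi
  if [ "${claimed_expire_date}" -ge "${real_expire_date}" ]; then
```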