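#!/bin/bash
#
# Mail filter for Let's Encrypt expiry notices.
#
# Reads one mail from the file named in $1, or from stdin when no argument
# is given. Mails that do not look like an expiry notice are printed
# unchanged. For an expiry notice, every listed name is probed on port 443
# and its line in the body is annotated with whether the certificate served
# there really expires on the date the mail claims.
#
# Requires GNU sed, GNU date and openssl.
#
# Trust model: the two header checks below only compare sender strings,
# which whoever composes the mail controls. The body is therefore treated
# as untrusted input. Names taken from it are validated before they are
# used as a connection target or spliced into a sed program.

if [ $# -eq 0 ]; then
  mail=$(cat)
else
  mail=$(cat -- "$1")
fi

# Header block: everything up to the first empty line.
header=$(printf '%s\n' "${mail}" | sed '/^$/q')

# NOTE(review): the second pattern ends in a space and is matched as a whole
# line (-x). This looks like an angle-bracketed address was lost when the
# script was published. Confirm against a real notice before relying on it.
is_expiry_notice=yes
if ! printf '%s\n' "${header}" |
  grep -q '^From expiry@letsencrypt\.org'; then
  is_expiry_notice=no
elif ! printf '%s\n' "${header}" |
  grep -qxF 'From: Let'"'"'s Encrypt Expiry Bot '; then
  is_expiry_notice=no
fi

if [ "${is_expiry_notice}" = no ]; then
  # This mail is not from letsencrypt's Expiry Bot - pass it through untouched.
  printf '%s\n' "${mail}"
  exit
fi

# Body: everything after the first empty line.
body=$(printf '%s\n' "${mail}" | sed '1,/^$/ d')

# Expiry date as stated in the mail text, converted to epoch seconds.
claimed_expire_text=$(
  printf '%s\n' "${body}" |
    sed '
      s/^.*Your certificate (or certificates) for the names listed below will expire in [0-9]\+ days\? (on \([^)]\+\))\..*$/\1/
      t
      d
    '
)
claimed_expire_date=''
if [ -n "${claimed_expire_text}" ]; then
  claimed_expire_date=$(date -d "${claimed_expire_text}" '+%s' 2>/dev/null)
fi

# Names listed in the blank-line-delimited paragraph between the
# "... for details." line and the "For any questions or support, " line.
domains=$(
  printf '%s\n' "${body}" |
    sed -n '
      / for details\.$/,/^For any questions or support, / {
        /^$/,/^$/ {
          /^$/! p
        }
      }
    '
)

if [ -z "${domains}" ] || [ -z "${claimed_expire_date}" ]; then
  printf '%s\n' "${header}" |
    sed '
      s/^Subject:\s\+/\0PARSE ERROR --- /
    '
  printf '\n'
  printf '%s FAILED TO PARSE THIS MESSAGE!\n\n' "$0"
  printf '%s\n' "${body}"
  exit
fi

# Only plain DNS host names may go any further. Anything else (wildcard
# entries, the "@" delimiter, newlines, sed metacharacters) is left
# unannotated instead of being embedded in the sed program built below,
# where it could add arbitrary sed commands.
readonly hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

regex=''
# Word splitting of the list is intended, but pathname expansion is not:
# a "*" in the mail must not expand to file names from the working directory.
set -f
for domain in ${domains}; do
  if ! [[ "${domain}" =~ ${hostname_re} ]]; then
    continue
  fi

  # After validation "." is the only character that is special in a sed BRE.
  domain_regex=${domain//./\\.}

  # stdin from /dev/null makes s_client finish after the handshake instead
  # of waiting for input. Its diagnostics are discarded.
  # NOTE(review): there is no connect timeout, so an unresponsive host can
  # stall the filter.
  real_expire_text=$(
    openssl s_client -showcerts -servername "${domain}" \
      -connect "${domain}:443" </dev/null 2>/dev/null |
      openssl x509 -noout -dates 2>/dev/null |
      sed '
        s/^notAfter=//
        t
        d
      '
  )
  real_expire_date=''
  if [ -n "${real_expire_text}" ]; then
    real_expire_date=$(date -d "${real_expire_text}" '+%s' 2>/dev/null)
  fi

  # The pattern is anchored at both ends so that a name cannot annotate a
  # longer name that merely starts with it (example.com vs example.com.au).
  if [ -z "${real_expire_date}" ]; then
    regex="${regex};s@^\\s*${domain_regex}\\s*\$@\0 (EXPIRATION UNKNOWN)@"
    continue
  fi

  if [ "${claimed_expire_date}" -ge "${real_expire_date}" ]; then
    regex="${regex};s@^\\s*${domain_regex}\\s*\$@\0 (EXPIRATION CONFIRMED)@"
    continue
  fi

  regex="${regex};s@^\\s*${domain_regex}\\s*\$@\0 (expiration actually $(((real_expire_date - claimed_expire_date) / 24 / 60 / 60)) days later)@"
done
set +f

# Re-emit the mail: original header, blank separator, annotated body.
printf '%s\n\n' "${header}"
printf '%s\n' "${body}" | sed "${regex}"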