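#!/usr/bin/sh
#----------------------------------------------------------------------------------------
# /var/install/config.d/certs_dehydrated-show-validity
#
# Copyright (c) 2016-2025 The Eisfair Team, team(at)eisfair(dot)org
#
# Creation:     2016-09-02  jed
# Last Update:  $Id$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------------------
#
# Purpose: for every active DEHYDRATED_DOMAIN_<n> entry of the module configuration,
# print the subject and the notBefore/notAfter dates of ${certdir}/<domain>.pem as a
# paged table. The "Valid until" cell is flagged with --warn when the remaining
# validity is 14 days or less.

# include eislib etc.
. /var/install/include/eislib
. /var/install/include/jedlib

pgmname=$(basename "$0")

# debug mode true/false
#debug=true
# The switch is compared as a string, so an inherited 'debug' value is never
# executed as a command.
if [ "${debug:-false}" = "true" ]
then
    # The trace can contain configuration values, so it goes to a file that mktemp
    # creates itself under an unpredictable name, instead of a guessable name in /tmp
    # that another local user could have pre-created as a link.
    if debug_log=$(mktemp "/tmp/${pgmname}-config.log.XXXXXX")
    then
        exec 2>"${debug_log}"
        set -x
        ask_debug=true
        export ask_debug
    else
        echo "${pgmname}: cannot create debug log, debug mode disabled" >&2
    fi
fi

# These globals are not all read below; they are kept because the sourced
# libraries may rely on them.
EXEC_CMD="$0 $*"
module_name=${pgmname%%-*}

logdir=/var/log
configfile=/etc/config.d/${module_name}

ssldir=/usr/local/ssl
certdir=${ssldir}/certs
openssl_bin=/usr/bin/openssl
openssl_file=${ssldir}/openssl.cnf

currdate=$(date +'%Y-%m-%d')

# check if screensize handling is available
act_pmode=$(get_printmode)

if [ -n "${_EISLIB_SCREENSIZE_Y}" ]
then
    if check_screensize
    then
        # rows per page = screen height - 3 header lines - 1 footer (ask) line
        maxrownum=$((_EISLIB_SCREENSIZE_Y - 4))
    else
        mecho --info "Return to calling script"
        exit 1
    fi
else
    # default if screensize handling is not available
    maxrownum=18
fi

# load configuration
. "${configfile}"

if [ -n "${DEHYDRATED_DOMAIN_N}" ] && [ "${DEHYDRATED_DOMAIN_N}" -gt 0 ]
then
    idx=1
    row=0
    print_header=1

    while [ "${idx}" -le "${DEHYDRATED_DOMAIN_N}" ]
    do
        if [ "${print_header}" -eq 1 ]
        then
            # print header
            clrhome
            mecho --info "Show Let’s Encrypt certificate validity"
            echo
            techo --begin 5r 1 29 23 22
            techo --row --info 'Nbr' '' --info 'Certificate Name' --info 'Valid from' --info 'Valid until'
            print_header=0
        fi

        # idx is the numeric loop counter, so eval only ever sees a generated
        # variable name here, never configuration content.
        eval active='$DEHYDRATED_DOMAIN_'${idx}'_ACTIVE'

        if [ "${active}" = 'yes' ]
        then
            # active entry
            eval domain='$DEHYDRATED_DOMAIN_'${idx}'_NAME'

            # only the part before the first ':' names the certificate file
            # NOTE(review): the value comes from the configuration file and is used
            # as a file name without further validation - confirm the config is
            # checked elsewhere.
            domain=${domain%%:*}
            cert_file=${certdir}/${domain}.pem

            if [ -s "${cert_file}" ]
            then
                # openssl may print error messages
                subject=$("${openssl_bin}" x509 -in "${cert_file}" -noout -subject | cut -d' ' -f2- | sed 's/^[^a-z0-9]*//')
                startdate_raw=$("${openssl_bin}" x509 -in "${cert_file}" -noout -startdate | cut -d= -f2)
                enddate_raw=$("${openssl_bin}" x509 -in "${cert_file}" -noout -enddate | cut -d= -f2)

                if [ -z "${startdate_raw}" ] || [ -z "${enddate_raw}" ]
                then
                    # openssl could not extract the dates. Do not hand an empty
                    # string to 'date -d', which would print a date that is not in
                    # the certificate.
                    techo --row "${idx}" '' --warn "${domain}.pem" --warn "certificate not readable!"
                else
                    startdate=$(date -d "${startdate_raw}" +'%Y-%m-%d %H:%M %Z')
                    enddate=$(date -d "${enddate_raw}" +'%Y-%m-%d %H:%M %Z')

                    # check if certificate validity is below a specific limit
                    # NOTE(review): get_diff_days comes from jedlib; it is assumed to
                    # print the number of days from the first to the second date -
                    # confirm.
                    diffdays=$(get_diff_days "${currdate}" "${enddate}")

                    if [ "${diffdays}" -le 14 ]
                    then
                        techo --row "${idx}" '' "${subject}" "${startdate}" --warn "${enddate}"
                    else
                        techo --row "${idx}" '' "${subject}" "${startdate}" "${enddate}"
                    fi
                fi
            else
                # file not found
                techo --row "${idx}" '' --warn "${domain}.pem" --warn "certificate not found!"
            fi

            row=$((row + 1))
        fi

        if [ "${row}" -eq "${maxrownum}" ] || [ "${idx}" -ge "${DEHYDRATED_DOMAIN_N}" ]
        then
            # page is full or the last entry was handled: request key input.
            # The row counter restarts with every page; otherwise only the first
            # page would ever break, and inactive entries following a full page
            # would each trigger another key prompt.
            print_header=1
            row=0
            echo
            anykey
        fi

        idx=$((idx + 1))
    done
fi

techo --end

#========================================================================================
# end
#========================================================================================

exit 0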