Steve Kemp's Blog Writings relating to Debian & Free Software

Expiration checking services?

Thu, 31 Oct 2013 12:32:38 GMT

Today I'm recuperating, and almost back to full health.

Unfortunately I made the mistake of online-shopping, oops.

Good job I stopped myself from registaring all the domains, but I did get two that I liked: spare.io & edinburgh.io.

I've updated my database to record them, but I wonder what do other people use to remind them about expiration dates of domains, SSL-certificates, & etc?

I googled and didn't find a definitive free/paid service, but it seems like something lots of people need to be reminded about..

Maybe people just rely on registrars sending strident emails. (Of course the redemption period for domains make it reasonably safe to forget for a day or two, until your customers complain and your emails start to bounce..)

| 8 comments.

 

Comments On This Entry

[gravitar] rjc

Submitted at 21:55:47 on 31 October 2013

Two words - Google Calendar.

Now, I know what you think ;^) but their text (as in SMS) reminders, which you can set as far away or as close to the date/time as you like, are unparalleled.

You can obviously use their email reminders as well but this functionality can be easily replaced by plethora of "remider" software, not to mention 'at', 'cron', etc.

[gravitar] Marius Gedminas

Submitted at 09:15:29 on 1 November 2013

Daily cron script that extracts SSL cert expiration dates from the SSL handshake and scrapes whois output for domain expiration dates, and warns me if less than 60 days are left.

Sadly whois doesn't always show expiration dates :(

[gravitar] Mathis

Submitted at 11:56:01 on 1 November 2013

As my domains don't expire but are renewed automatically, I don't have to monitor that, but I do have a cron job for my SSL certificates. It checks only the symlinks named current.pem which always point to the newest certificate, and its output is mailed to me (if any).

#!/bin/bash

function check_certificate {
file=$1
usage=$2
cert=$(openssl x509 -noout -text -in "$file" | grep "Not After" | sed -e 's#^.*Not After *: ##')
cert_timestamp=$(date --date="$cert" +%s)
now_timestamp=$(date +%s)
diff_seconds=$(expr $cert_timestamp - $now_timestamp)
diff_days=$(expr $diff_seconds / 60 / 60 / 24)
if [ $diff_days -le 14 ]; then
echo ""
echo $diff_days DAYS LEFT: $usage CERTIFICATE $file IS EXPIRING on $cert
fi
}

  1. check Apache SSL certificates and notify if less than 2 weeks remain
    find /etc/apache2/certs -name 'current.pem' | while read file; do
    check_certificate "$file" "APACHE"
    done
  1. check Dovecot SSL certificates and notify if less than 2 weeks remain
    check_certificate "/etc/certs/dovecot.pem" "MAIL SERVER"

[gravitar] Paulo Almeida

Submitted at 15:34:22 on 1 November 2013

For SSL certificates there's the check_ssl_cert Nagios plugin, in nagios-plugins-contrib.

[gravitar] RogerBW

Submitted at 15:57:09 on 1 November 2013

Paulo, is that the same check_ssl_cert that I wrote a year or two back because Nagios didn't offer it? :-) Anyway, that's what I use:

http://firedrake.org/cgi-bin/gitweb.cgi?p=nagios-plugins.git

[gravitar] Steve Kemp

Submitted at 09:08:09 on 2 November 2013

For what it is worth my sysadmin-util repository contains a simple script to check SSL:

Like most other such-scripts it uses openssl to do the connection and parses it in a hoky way.


[gravitar] Thijs

Submitted at 21:29:40 on 2 November 2013

The default Nagios package in Debian includes check_http which can check SSL certificates just fine:
command_line /usr/lib/nagios/plugins/check_http --ssl -p 443 -C 14 -H $ARG1$ -I $HOSTADDRESS$
will turn into a WARNING 14 days before the certificate expires and CRITICAL when it actually is expired.

As for domains, we just use a registrar that auto-renews.

[gravitar] Nux

Submitted at 00:39:39 on 8 November 2013

Congrats on the new domains, I know how a good domain shopping spree feels like.

I do have a problem with the .io registrar though and their lack of consideration for privacy - especially since they seem to be British. In their whois replies they show all the nice information about you - full name, address, phone number, shoe size... I much prefer the .eu or .ro in this regard.

 

Comments are closed on posts which are more than ten days old.

Spiral Logo

Search

Recent Posts

Recent Tags

Links

RSS Feed

  • Subscribe to feed