authorGravatar Christian Hesse <mail@eworm.de>2019-03-06 13:49:12 +0100
committerGravatar Christian Hesse <mail@eworm.de>2019-03-06 13:49:12 +0100
commita66713d093d59141ab23e1a282ae9eddb2e7db22 (patch)
treeffc98b04710f09704d30c0eaa1f639d3ffa827e0
parent99a23f99e5956b451b05f0a42c07742faf717c12 (diff)
check-certificates: split loop for certificate renew and warning
This allows having different time values.
-rw-r--r--check-certificates47
1 files changed, 27 insertions, 20 deletions
diff --git a/check-certificates b/check-certificates
index 290fd0d..9508f35 100644
--- a/check-certificates
+++ b/check-certificates
@@ -18,7 +18,7 @@
}
}
-:foreach Cert in=[ / certificate find where !revoked expires-after<2w ] do={
+:foreach Cert in=[ / certificate find where !revoked expires-after<3w ] do={
:local CertName [ / certificate get $Cert name ];
:local CommonName [ / certificate get $Cert common-name ];
:local FingerPrint [ / certificate get $Cert fingerprint ];
@@ -32,7 +32,7 @@
/ certificate import file-name=($CommonName . ".pem") passphrase=$CertRenewPass;
/ file remove [ find where name=($CommonName . ".pem") ];
- :local CertNew [ / certificate find where common-name=$CommonName fingerprint!=$FingerPrint expires-after>2w ];
+ :local CertNew [ / certificate find where common-name=$CommonName fingerprint!=$FingerPrint expires-after>3w ];
:local CertNameNew [ / certificate get $CertNew name ];
:foreach IpService in=[ / ip service find where certificate=$CertName ] do={
@@ -65,25 +65,32 @@
"Validity: " . $InvalidBefore . " to " . $InvalidAfter);
:log info ("The certificate " . $CertName . " has been renewed.");
} on-error={
- :local InvalidBefore [ / certificate get $Cert invalid-before ];
- :local InvalidAfter [ / certificate get $Cert invalid-after ];
- :local Issuer [ $GetIssuerCN [ / certificate get $Cert issuer ] ];
+ :log debug ("Could not renew certificate " . $CertName ".");
+ }
+}
- :local State;
- :if ([ / certificate get $Cert expired ] = true) do={
- :set State "expired";
- } else={
- :set State "is about to expire";
- }
+:foreach Cert in=[ / certificate find where !revoked expires-after<2w ] do={
+ :local CertName [ / certificate get $Cert name ];
+ :local CommonName [ / certificate get $Cert common-name ];
+ :local FingerPrint [ / certificate get $Cert fingerprint ];
+ :local Issuer [ $GetIssuerCN [ / certificate get $Cert issuer ] ];
+ :local InvalidBefore [ / certificate get $Cert invalid-before ];
+ :local InvalidAfter [ / certificate get $Cert invalid-after ];
- $SendNotification ("Certificate warning!") \
- ("A certificate on " . $Identity . " " . $State . ".\n\n" . \
- "Name: " . $CertName . "\n" . \
- "CommonName: " . $CommonName . "\n" . \
- "Fingerprint: " . $FingerPrint . "\n" . \
- "Issuer: " . $Issuer . "\n" . \
- "Validity: " . $InvalidBefore . " to " . $InvalidAfter);
- :log warning ("The certificate " . $CertName . " " . $State . \
- ", it is invalid after " . $InvalidAfter . ".");
+ :local State;
+ :if ([ / certificate get $Cert expired ] = true) do={
+ :set State "expired";
+ } else={
+ :set State "is about to expire";
}
+
+ $SendNotification ("Certificate warning!") \
+ ("A certificate on " . $Identity . " " . $State . ".\n\n" . \
+ "Name: " . $CertName . "\n" . \
+ "CommonName: " . $CommonName . "\n" . \
+ "Fingerprint: " . $FingerPrint . "\n" . \
+ "Issuer: " . $Issuer . "\n" . \
+ "Validity: " . $InvalidBefore . " to " . $InvalidAfter);
+ :log warning ("The certificate " . $CertName . " " . $State . \
+ ", it is invalid after " . $InvalidAfter . ".");
}
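Review bot: The added `:log debug` line in the `on-error` branch is missing the `.` concatenation operator between `$CertName` and `"."`, so the expression is malformed; it should read `:log debug ("Could not renew certificate " . $CertName . ".");`. After the split, this line is the only record of a failed renewal until the second loop warns at `expires-after<2w`. With debug logging off, a renewal that keeps failing stays unnoticed for the first week of the window. If that is intended, a short comment above the `on-error` branch saying so would help, for example `# renewal failures are reported by the warning loop below`. The `do={ ... } on-error={` block starts outside this hunk, so this is judged from the visible lines only.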