diff options
| author |  Christian Hesse <mail@eworm.de> | 2019-03-06 13:49:12 +0100 |
|---|---|---|
| committer | Christian Hesse <mail@eworm.de> | 2019-03-06 13:49:12 +0100 |
| commit | a66713d093d59141ab23e1a282ae9eddb2e7db22 (patch) | |
| tree | ffc98b04710f09704d30c0eaa1f639d3ffa827e0 /check-certificates | |
| parent | 99a23f99e5956b451b05f0a42c07742faf717c12 (diff) | |
check-certificates: split loop for certificate renew and warning
This allows to have differnt time values.
Diffstat (limited to 'check-certificates')
| -rw-r--r-- | check-certificates | 47 |
1 files changed, 27 insertions, 20 deletions
diff --git a/check-certificates b/check-certificates index 290fd0d..9508f35 100644 --- a/check-certificates +++ b/check-certificates @@ -18,7 +18,7 @@ } } -:foreach Cert in=[ / certificate find where !revoked expires-after<2w ] do={ +:foreach Cert in=[ / certificate find where !revoked expires-after<3w ] do={ :local CertName [ / certificate get $Cert name ]; :local CommonName [ / certificate get $Cert common-name ]; :local FingerPrint [ / certificate get $Cert fingerprint ]; @@ -32,7 +32,7 @@ / certificate import file-name=($CommonName . ".pem") passphrase=$CertRenewPass; / file remove [ find where name=($CommonName . ".pem") ]; - :local CertNew [ / certificate find where common-name=$CommonName fingerprint!=$FingerPrint expires-after>2w ]; + :local CertNew [ / certificate find where common-name=$CommonName fingerprint!=$FingerPrint expires-after>3w ]; :local CertNameNew [ / certificate get $CertNew name ]; :foreach IpService in=[ / ip service find where certificate=$CertName ] do={ @@ -65,25 +65,32 @@ "Validity: " . $InvalidBefore . " to " . $InvalidAfter); :log info ("The certificate " . $CertName . " has been renewed."); } on-error={ - :local InvalidBefore [ / certificate get $Cert invalid-before ]; - :local InvalidAfter [ / certificate get $Cert invalid-after ]; - :local Issuer [ $GetIssuerCN [ / certificate get $Cert issuer ] ]; + :log debug ("Could not renew certificate " . $CertName "."); + } +} - :local State; - :if ([ / certificate get $Cert expired ] = true) do={ - :set State "expired"; - } else={ - :set State "is about to expire"; - } +:foreach Cert in=[ / certificate find where !revoked expires-after<2w ] do={ + :local CertName [ / certificate get $Cert name ]; + :local CommonName [ / certificate get $Cert common-name ]; + :local FingerPrint [ / certificate get $Cert fingerprint ]; + :local Issuer [ $GetIssuerCN [ / certificate get $Cert issuer ] ]; + :local InvalidBefore [ / certificate get $Cert invalid-before ]; + :local InvalidAfter [ / certificate get $Cert invalid-after ]; - $SendNotification ("Certificate warning!") \ - ("A certificate on " . $Identity . " " . $State . ".\n\n" . \ - "Name: " . $CertName . "\n" . \ - "CommonName: " . $CommonName . "\n" . \ - "Fingerprint: " . $FingerPrint . "\n" . \ - "Issuer: " . $Issuer . "\n" . \ - "Validity: " . $InvalidBefore . " to " . $InvalidAfter); - :log warning ("The certificate " . $CertName . " " . $State . \ - ", it is invalid after " . $InvalidAfter . "."); + :local State; + :if ([ / certificate get $Cert expired ] = true) do={ + :set State "expired"; + } else={ + :set State "is about to expire"; } + + $SendNotification ("Certificate warning!") \ + ("A certificate on " . $Identity . " " . $State . ".\n\n" . \ + "Name: " . $CertName . "\n" . \ + "CommonName: " . $CommonName . "\n" . \ + "Fingerprint: " . $FingerPrint . "\n" . \ + "Issuer: " . $Issuer . "\n" . \ + "Validity: " . $InvalidBefore . " to " . $InvalidAfter); + :log warning ("The certificate " . $CertName . " " . $State . \ + ", it is invalid after " . $InvalidAfter . "."); } |