script to test for opnsense certificates about to expire.

Started by hboetes, December 30, 2020, 01:50:06 PM

To warn me before certificates expire I wrote this little script. I hope this might be useful to someone.

If anyone knows about a more elegant method — preferably already implemented in opnsense itself — please let me know.


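#!/bin/sh
# Email recipient of the warning emails.
recp=root
# List of servers
servers="firewall01 firewall02 firewall03"

# Pattern such as 'Jan.*2021' for next month (requires GNU date).
# Anchoring on the 15th avoids skipping a month when run on the 29th-31st.
nextmonth=$(TZ=GMT LC_TIME=C date '+%b.*%Y' --date="$(TZ=GMT date '+%Y-%m-15') next month")
for server in $servers; do
    # Read the 'Not After' line of the certificate at /var/etc/cert.pem.
    exp=$(ssh "root@$server" openssl x509 -in /var/etc/cert.pem -text -noout | grep 'Not After')
    # Quote both variables so the '*' in the pattern is never glob-expanded.
    if echo "$exp" | grep -q "$nextmonth"; then
        msg="${server}'s certificate is about to expire, go fix that ASAP"
        echo "$msg" | mail -s "$msg" "$recp"
    fi
done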
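
An added example, not part of the original post: the script above matches only a Not After date that falls in next month, so a certificate expiring later this month, one already expired, or a host that ssh cannot reach produces no mail. The sketch below classifies by remaining days from the `notAfter=` line of `openssl x509 -noout -enddate`, using integer arithmetic only so it does not depend on GNU date; the function names and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's code). Function names and the 30-day
# default are assumptions. Input is the line printed by:
#   ssh "root@$server" openssl x509 -in /var/etc/cert.pem -noout -enddate

# Days from 1970-01-01 to the Gregorian date y-m-d (integer arithmetic only).
days_from_civil() {
    y=$1 m=$2 d=$3
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * ((m + 9) % 12) + 2) / 5 + d - 1 ))
    echo $(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
}

# Epoch seconds for "notAfter=Jan 30 12:00:00 2021 GMT"; exit 1 if malformed.
# Runs in a subshell so `set -f` and the positional parameters stay local.
notafter_epoch() (
    case $1 in notAfter=*) ;; *) exit 1 ;; esac
    set -f                      # no globbing on the split below
    set -- ${1#notAfter=}       # split on blanks: one-digit days are space-padded
    [ $# -eq 5 ] && [ "$5" = GMT ] || exit 1
    case $2 in [0-9]|[0-9][0-9]) ;; *) exit 1 ;; esac
    case $3 in [0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ;; *) exit 1 ;; esac
    case $4 in [0-9][0-9][0-9][0-9]) ;; *) exit 1 ;; esac
    months=JanFebMarAprMayJunJulAugSepOctNovDec
    before=${months%%"$1"*}     # text before the month name; its length / 3 is the index
    [ ${#1} -eq 3 ] && [ "$before" != "$months" ] && [ $(( ${#before} % 3 )) -eq 0 ] || exit 1
    hms=$3; hh=${hms%%:*}; ss=${hms##*:}; mm=${hms#*:}; mm=${mm%%:*}
    days=$(days_from_civil "$4" $(( ${#before} / 3 + 1 )) "${2#0}")
    # Strip one leading zero so "08" is not read as an octal literal.
    echo $(( days * 86400 + ${hh#0} * 3600 + ${mm#0} * 60 + ${ss#0} ))
)

# cert_status LINE NOW_EPOCH [WARN_DAYS] -> expired | expiring | ok | unparsable
cert_status() {
    end=$(notafter_epoch "$1") || { echo unparsable; return 0; }
    left=$(( end - $2 ))
    if [ "$left" -le 0 ]; then echo expired
    elif [ "$left" -le $(( ${3:-30} * 86400 )) ]; then echo expiring
    else echo ok
    fi
}

# Constructed sample: expires in the same month it is checked in.
# Checked as of 2020-12-30 13:50:06 GMT (epoch 1609336206).
cert_status "notAfter=Dec 31 23:59:59 2020 GMT" 1609336206
```

In the mail loop, pass `$(date +%s)` as the second argument and send the warning for every result other than `ok`, so an empty line from a failed ssh (`unparsable`) alerts as well.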