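#!/bin/bash
#
# Issue warning e-mails if SSL certificates expire, using certwatch.
# See the certwatch.cron(5) man page for details on how to configure.
#
# Security note: /etc/sysconfig/certwatch is sourced below, i.e. executed as
# shell code with whatever privileges this job runs under. HTTPD, OPTIONS and
# CERTWATCH_OPTS (presumably set there -- confirm against the man page) decide
# which binary is executed and with which arguments, so that file should be
# writable only by the administrator.
#

[ -r /etc/sysconfig/certwatch ] && . /etc/sysconfig/certwatch

# Use configured httpd binary; the default applies only when HTTPD is unset,
# so an explicitly empty HTTPD= stays empty and is rejected below.
httpd=${HTTPD-/usr/sbin/httpd}

# Sanity checks: exit quietly (status 0) when certwatch is disabled or any
# required program or file is missing, so cron does not mail an error.
test -z "${NOCERTWATCH}" || exit 0
# Quoted on purpose: unquoted, an empty value disappears and the one-argument
# form `test -x` evaluates as true, letting the check pass with no binary.
test -x "${httpd}" || exit 0
test -x /usr/bin/certwatch || exit 0
test -r /etc/httpd/conf/httpd.conf || exit 0
test -x /usr/sbin/sendmail || exit 0
test -x /etc/httpd/modules/mod_ssl.so || exit 0
test -x /bin/sort || exit 0

set -o pipefail # pick up exit code of httpd not sort

# OPTIONS is left unquoted so it can carry several whitespace-separated
# httpd options.
# shellcheck disable=SC2086
certs=$("${httpd}" ${OPTIONS} -t -DDUMP_CERTS 2>/dev/null | /bin/sort -u)
RETVAL=$?
test $RETVAL -eq 0 || exit 0

# Walk the list line by line instead of word-splitting $certs: a path that
# contains spaces or glob characters is then passed to certwatch unchanged
# rather than being split or expanded against the filesystem.
# NOTE(review): assumes httpd prints one certificate path per line, which the
# line-oriented `sort -u` above also relies on -- confirm.
# The list is fed on fd 3 so the commands in the loop keep their own stdin.
while IFS= read -r c <&3; do
  # An empty list still yields one empty line from the here-string; skip it.
  [ -n "$c" ] || continue
  # Check whether a warning message is needed, then issue one if so.
  # CERTWATCH_OPTS is left unquoted so it can carry several options.
  # shellcheck disable=SC2086
  /usr/bin/certwatch $CERTWATCH_OPTS -q "$c" &&
    /usr/bin/certwatch $CERTWATCH_OPTS "$c" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
done 3<<<"$certs"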