For those who want a local (non-cloud) tool for checking TLS certificate expiration as a result of Let's Encrypt dropping support for expiration notices via email, here's a small shell script which will do it. It needs the OpenSSL command-line tool and an email sender (I use msmtp):
#!/bin/bash
MINIMUM_EXPIRY_DAYS={{ minimum_expiry_days }}
MINIMUM_EXPIRY=$((${MINIMUM_EXPIRY_DAYS} * 86400))
for cert in /etc/letsencrypt/live/*/cert.pem
do
echo Checking ${cert}
if openssl x509 -noout -in ${cert} -checkend ${MINIMUM_EXPIRY} > /dev/null
then
:
else
msmtp --read-envelope-from --read-recipients <<EOF
From: (sender address here)
To: (recipient address here)
Subject: Certificate Expiration Alert
${cert} will expire in fewer than ${MINIMUM_EXPIRY_DAYS} days.
EOF
fi
done
CC Let's Encrypt (npub19zc…jfcm) John Sullivan (npub1ras…fswq)
#LetsEncrypt
Kevin P. Fleming
npub1ca…2209l
2025-02-16 14:02:09 UTC
Author Public Key
npub1cay7rqkh6kyjg9svtqx936phg7r3w0gtaaxxq7d25npnuae8uj6qj2209lSeen on
wss://relay.momostr.pinkPublished at
2025-02-16 14:02:09 UTCEvent JSON
{
"id": "1736f94aeef685493bb8f273de7beb18dc8afe506a67ec39f2fe83bd842a7177",
"pubkey": "c749e182d7d58924160c580c58e8374787173d0bef4c6079aaa4c33e7727e4b4",
"created_at": 1739714529,
"kind": 1,
"tags": [
[
"p",
"1f60ae2ef3563f04b6878d6e85028449b733bd0cdfcbab9e39eb99b882e8d56d"
],
[
"t",
"letsencrypt"
],
[
"p",
"28b0d5eb0b019a92f5d5a87b9cfab9da680e09901d36fcab29a2d3d08271c947"
],
[
"proxy",
"https://mastodon.km6g.us/@kevin/114013931375299449",
"web"
],
[
"proxy",
"https://mastodon.km6g.us/users/kevin/statuses/114013931375299449",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.km6g.us/users/kevin/statuses/114013931375299449",
"pink.momostr"
],
[
"-"
]
],
"content": "For those who want a local (non-cloud) tool for checking TLS certificate expiration as a result of Let's Encrypt dropping support for expiration notices via email, here's a small shell script which will do it. It needs the OpenSSL command-line tool and an email sender (I use msmtp):\n\n#!/bin/bash\n\nMINIMUM_EXPIRY_DAYS={{ minimum_expiry_days }}\nMINIMUM_EXPIRY=$((${MINIMUM_EXPIRY_DAYS} * 86400))\n\nfor cert in /etc/letsencrypt/live/*/cert.pem\ndo\n echo Checking ${cert}\n if openssl x509 -noout -in ${cert} -checkend ${MINIMUM_EXPIRY} \u003e /dev/null\n then\n\t:\n else\n\tmsmtp --read-envelope-from --read-recipients \u003c\u003cEOF\nFrom: (sender address here)\nTo: (recipient address here)\nSubject: Certificate Expiration Alert\n\n${cert} will expire in fewer than ${MINIMUM_EXPIRY_DAYS} days.\nEOF\n fi\ndone\n\nCC nostr:npub19zcdt6ctqxdf9aw44paee74emf5quzvsr5m0e2ef5tfapqn3e9rs3yjfcm nostr:npub1ras2uthn2clsfd5834hg2q5yfxmn80gvml96h83eawvm3qhg64ks0cfswq \n\n#LetsEncrypt",
"sig": "fe39b00476e7b1caf1c25457de4078c11d6b3db97e52f462e7af6cc47fe578ed31be0b78cf0f9aac8a37c46af111631c072a480d4fac425aac0aed1112432067"
}