Cert Expiry Bot is a Bash script that monitors SSL certificates for multiple domains and sends notifications if they are expiring soon. It checks for expirations within 14 and 7 days (configurable), and includes error handling for invalid domains or missing certificates.
Features
- Monitors SSL certificates for multiple domains.
- Sends notifications for certificates expiring within configurable thresholds.
- Supports multiple notification methods:
- ntfy
- Telegram Bot
- Webhook
- Includes error handling for invalid domains or missing certificates.
- Easy configuration via
.envand.conffiles.
Requirements
curlandopensslmust be installed.- At least one notification method must be configured in
.env.
Usage
1. Configure environment:
- Copy
.env.exampleto.env:
cp .env.example .env- Edit
.envand set one or more of the following:
# ntfy
NTFY_TOPIC=server-topic-123
# Telegram
TELEGRAM_BOT_TOKEN=1234567890:ABC
TELEGRAM_CHAT_ID=9876543210
# Webhook
WEBHOOK_URL=https://webhook.domain.com/endpoint- Secure the file:
chmod 600 .env2. Add domains to monitor:
- Copy
cert_expiry_bot.txt.exampletocert_expiry_bot.txt:
cp cert_expiry_bot.txt.example cert_expiry_bot.txt- Edit
cert_expiry_bot.txtand add one domain per line (e.g., domain1.com).
3. Configure thresholds:
- Edit
cert_expiry_bot.confand adjust if needed, or leave default values:
EXPIRATION_TIME_SHORT=7
EXPIRATION_TIME_LONG=144. Make the script executable:
chmod +x cert_expiry_bot.sh5. Test the script:
- To test, set
EXPIRATION_TIME_LONGto 90 incert_expiry_bot.conf(since domains typically renew 30 days before expiry, this will likely trigger alerts for most domains). - Run the script manually:
./cert_expiry_bot.sh6. Schedule a cron job:
- Edit your crontab:
crontab -e- Add this line to run every day at 12:00:
0 12 * * * /path/to/cert_expiry_bot.shImportant Notes
- The script uses openssl to check SSL certificates, so the domains must be accessible over HTTPS on port 443.
Get the Script
Categories: Scripts
