paulsorensen.io

Cert Expiry Bot Script

Cert Expiry Bot is a Bash script that monitors SSL certificates for multiple domains and sends Telegram alerts if they are expiring soon. It checks for expirations within 14 and 7 days (configurable) and includes error handling for invalid domains or missing certificates.

Features

  • Monitors SSL certificates for multiple domains.
  • Sends Telegram alerts for certificates expiring within 14 days (long timeframe) and 7 days (short timeframe).
  • Configurable expiration thresholds via cert_expiry_bot.conf.
  • Includes error handling for invalid domains or missing certificates.
  • Easy to set up with a Telegram bot for notifications.

Requirements

Before running the script, ensure that:

  • You have a Telegram bot set up with a bot token and chat ID.
  • OpenSSL is installed to check SSL certificates.
  • curl is installed to send Telegram messages.

Usage

1. Set up a Telegram bot:

  • Create a Telegram bot using BotFather to get your bot token.
  • Send a message to your bot (e.g., “Hi”).
  • Get chat ID: Open https://api.telegram.org/bot<your_bot_token>/getUpdates. Find “chat”:{“id”:<your_chat_id> (e.g., <your_chat_id>).

2. Configure Telegram settings:

  • Copy .env.example to .env:
cp .env.example .env
  • Edit .env and add your TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID.
  • Secure .env:
chmod 600 .env

3. Add domains to monitor:

  • Copy cert_expiry_bot.txt.example to cert_expiry_bot.txt:
cp cert_expiry_bot.txt.example cert_expiry_bot.txt
  • Edit cert_expiry_bot.txt and add one domain per line (e.g., domain1.com).

4. Make the script executable:

chmod +x cert_expiry_bot.sh

5. Test the script:

  • To test, set EXPIRATION_TIME_LONG to 90 in cert_expiry_bot.conf (since domains typically renew 30 days before expiry, this will likely trigger alerts for most domains).
  • Run the script manually:
./cert_expiry_bot.sh

6. Schedule daily checks at 12:00 (noon):

  • Open crontab:
crontab -e
  • Add the following line to run at 12:00 every day (replace the path with your actual path):
0 12 * * * /home/admin/scripts/cronjobs/cert-expiry-bot/cert_expiry_bot.sh

Configuration

Telegram Settings:

  • Set TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID in .env (copy from .env.example).

Domain List:

  • Add domains to cert_expiry_bot.txt (copy from cert_expiry_bot.txt.example).

Expiration Thresholds:

  • The script checks for certificates expiring within 14 days (EXPIRATION_TIME_LONG) and 7 days (EXPIRATION_TIME_SHORT). Modify these in cert_expiry_bot.conf.

Important Notes

  • The script uses openssl to check SSL certificates, so the domains must be accessible over HTTPS on port 443.

Get the Script

cert-expiry-bot

https://github.com/PaulSorensen/cert-expiry-bot

Monitors SSL certificates for domains listed in cert_expiry_bot.txt and sends Telegram alerts if they expire within 14 or 7 days (configurable).

Last Updated: April 14, 2025

Categories: Scripts
Tags: , , , , ,

You may also like

Search: