LinuxQuestions.org
Old 05-09-2014, 07:19 AM   #1
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 245

Rep: Reputation: 4
Domain Expiry Script


Hi,

I'm using the script from this site http://www.cyberciti.biz/tips/domain-check-script.html to monitor domain expiry. I have modified it to monitor other domain sites. But for sites with three names, I am unable to get an o/p. Sites like email.domain.com are not working.

I'm getting Unknown as o/p

Domain Registrar Status Expires Days Left
----------------------------------- ---------------------------------------- -------------------- ----------- ---------
email.xxxx.com Unknown Unknown Unknown Unknown

Let me know how to modify the script to monitor email.xxxxx.com
 
Old 05-09-2014, 08:24 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,475

Rep: Reputation: 1553
email.xxxxx.com is simply a sub-domain of xxxxx.com; it will not have its own registration or expiry.

It is therefore pointless to check for email.xxxxx.com
 
Old 05-09-2014, 08:27 AM   #3
Iyyappan
ok s i cross checked both email.xxxx.com and xxxx.com and both are same....thanks
 
Old 05-09-2014, 08:54 AM   #4
Iyyappan
I have many subdomain sites..... Certificate expiry of subdomain ( abc.werty.com ) is different than domain ( werty.com ) as certificates were procured at different dates.


o/p of script is unknown wherever there is a subdomain.
 
Old 05-09-2014, 09:18 AM   #5
TenTenths
Are you now asking about SSL certificate expiry for abc.werty.com rather than domain registration expiry?
 
Old 05-19-2014, 12:47 AM   #6
Iyyappan
Yes, I am asking about SSL certificate expiry for abc.werty.com. The SSL expiry script is working only for sites which have one name, like google.com, yahoo.com. If the site name is like abc.werty.com, it gives dates left as -2456793. We have many sites like abc.werty.com, for which we need to monitor SSL expiry.

Last edited by Iyyappan; 05-19-2014 at 01:00 AM.
 
Old 05-19-2014, 01:15 AM   #7
TenTenths
This will give the certificate expiry date, feel free to write a whole script around it.

Code:
#!/bin/bash

DOMAIN=abc.werty.com

EXPIRES=$(echo | openssl s_client -connect ${DOMAIN}:443 2>/dev/null | openssl x509 -noout -dates | grep notAfter | awk -F= {'print $2'})

echo "SSL Cert Expires: ${EXPIRES}"
 
Old 05-19-2014, 01:33 AM   #8
Iyyappan
I tried yours for google.com domain. I get the below output

SSL Cert Expires: Aug 5 00:00:00 2014 GMT


I used the below script.. This works for sites like gmail.com, yahoo.com, google.com....

####sh test.sh -d google.com

Domain Registrar Status Expires Days Left
----------------------------------- ----------------- -------- ----------- ---------
MARKMONITOR INC.
google.com MARKMONITOR INC. Valid 14-sep-2020 2310

But it does not work for domains like abc.werty.com.... for example below one

sh test.sh -d email.google.com

Domain Registrar Status Expires Days Left
----------------------------------- ----------------- -------- ----------- ---------

email.google.com Unknown Unknown Unknown Unknown


PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/ssl/bin:/usr/sfw/bin ; export PATH

# Who to page when an expired domain is detected (cmdline: -e)
ADMIN="sysadmin@mydomain.com"

# Number of days in the warning threshold (cmdline: -x)
WARNDAYS=30

# If QUIET is set to TRUE, don't print anything on the console (cmdline: -q)
QUIET="FALSE"

# Don't send emails by default (cmdline: -a)
ALARM="FALSE"

# Whois server to use (cmdline: -s)
WHOIS_SERVER="whois.internic.org"

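# Location of system binaries
AWK="/bin/awk"
WHOIS="/usr/bin/whois"
DATE="/bin/date"
# Mail client used for alerts when -a is given (path is an assumption; adjust to your system)
MAIL="/bin/mail"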

# Place to stash temporary files
WHOIS_TMP="/var/tmp/whois.$$"

#############################################################################
# Purpose: Convert a date from MONTH-DAY-YEAR to Julian format
# Acknowledgements: Code was adapted from examples in the book
# "Shell Scripting Recipes: A Problem-Solution Approach"
# ( ISBN 1590594711 )
# Arguments:
# $1 -> Month (e.g., 06)
# $2 -> Day (e.g., 08)
# $3 -> Year (e.g., 2006)
#############################################################################
date2julian()
{
if [ "${1}" != "" ] && [ "${2}" != "" ] && [ "${3}" != "" ]
then
## Since leap years add a day at the end of February,
## calculations are done from 1 March 0000 (a fictional year)
d2j_tmpmonth=$((12 * ${3} + ${1} - 3))
## If it is not yet March, the year is changed to the previous year
d2j_tmpyear=$(( ${d2j_tmpmonth} / 12))

## The number of days from 1 March 0000 is calculated
## and the number of days from 1 Jan. 4713BC is added
echo $(( (734 * ${d2j_tmpmonth} + 15) / 24 - 2 * ${d2j_tmpyear} + ${d2j_tmpyear}/4
- ${d2j_tmpyear}/100 + ${d2j_tmpyear}/400 + $2 + 1721119 ))
else
echo 0
fi
}

#############################################################################
# Purpose: Convert a string month into an integer representation
# Arguments:
# $1 -> Month name (e.g., Sep)
#############################################################################
getmonth()
{
LOWER=`tolower $1`

case ${LOWER} in
jan) echo 1 ;;
feb) echo 2 ;;
mar) echo 3 ;;
apr) echo 4 ;;
may) echo 5 ;;
jun) echo 6 ;;
jul) echo 7 ;;
aug) echo 8 ;;
sep) echo 9 ;;
oct) echo 10 ;;
nov) echo 11 ;;
dec) echo 12 ;;
*) echo 0 ;;
esac
}

#############################################################################
# Purpose: Calculate the number of seconds between two dates
# Arguments:
# $1 -> Date #1
# $2 -> Date #2
date_diff()
{
if [ "${1}" != "" ] && [ "${2}" != "" ]
then
echo $(expr ${2} - ${1})
else
echo 0
fi
}

##################################################################
# Purpose: Converts a string to lower case
# Arguments:
# $1 -> String to convert to lower case
##################################################################
tolower()
{
LOWER=`echo ${1} | tr [A-Z] [a-z]`
echo $LOWER
}

##################################################################
# Purpose: Access whois data to grab the registrar and expiration date
# Arguments:
# $1 -> Domain to check
##################################################################
check_domain_status()
{
# Save the domain since set will trip up the ordering
DOMAIN=${1}

# Invoke whois to find the domain registrar and expiration date
${WHOIS} -h ${WHOIS_SERVER} "=${1}" > ${WHOIS_TMP}

# Parse out the expiration date and registrar -- uses the last registrar it finds
REGISTRAR=`cat ${WHOIS_TMP} | ${AWK} -F: '/Registrar/ && $2 != "" { REGISTRAR=substr($2,2,17) } END { print REGISTRAR }'`
echo $REGISTRAR
# If the Registrar is NULL, then we didn't get any data
if [ "${REGISTRAR}" = "" ]
then
prints "$DOMAIN" "Unknown" "Unknown" "Unknown" "Unknown"
return

fi

# The whois Expiration data should resemble the following: "Expiration Date: 09-may-2008"
DOMAINDATE=`cat ${WHOIS_TMP} | ${AWK} '/Expiration/ { print $NF }'`

# Whois data should be in the following format: "13-feb-2006"
IFS="-"
set -- ${DOMAINDATE}
MONTH=$(getmonth ${2})
IFS=""

# Convert the date to seconds, and get the diff between NOW and the expiration date
DOMAINJULIAN=$(date2julian ${MONTH} ${1#0} ${3})
DOMAINDIFF=$(date_diff ${NOWJULIAN} ${DOMAINJULIAN})

if [ ${DOMAINDIFF} -lt 0 ]
then
if [ "${ALARM}" = "TRUE" ]
then
echo "The domain ${DOMAIN} has expired!" \
| ${MAIL} -s "Domain ${DOMAIN} has expired!" ${ADMIN}
fi

prints ${DOMAIN} "Expired" "${DOMAINDATE}" "${DOMAINDIFF}" ${REGISTRAR}

elif [ ${DOMAINDIFF} -lt ${WARNDAYS} ]
then
if [ "${ALARM}" = "TRUE" ]
then
echo "The domain ${DOMAIN} will expire on ${DOMAINDATE}" \
| ${MAIL} -s "Domain ${DOMAIN} will expire in ${WARNDAYS}-days or less" ${ADMIN}
fi
prints ${DOMAIN} "Expiring" "${DOMAINDATE}" "${DOMAINDIFF}" "${REGISTRAR}"
else
prints ${DOMAIN} "Valid" "${DOMAINDATE}" "${DOMAINDIFF}" "${REGISTRAR}"
fi
}

####################################################
# Purpose: Print a heading with the relevant columns
# Arguments:
# None
####################################################

print_heading()
{
if [ "${QUIET}" != "TRUE" ]
then
printf "\n%-35s %-17s %-8s %-11s %-5s\n" "Domain" "Registrar" "Status" "Expires" "Days Left"
echo "----------------------------------- ----------------- -------- ----------- ---------"
fi
}

#####################################################################
# Purpose: Print a line with the expiration interval
# Arguments:
# $1 -> Domain
# $2 -> Status of domain (e.g., expired or valid)
# $3 -> Date when domain will expire
# $4 -> Days left until the domain will expire
# $5 -> Domain registrar
#####################################################################
prints()
{
if [ "${QUIET}" != "TRUE" ]
then
MIN_DATE=$(echo $3 | ${AWK} '{ print $1, $2, $4 }')
printf "%-35s %-17s %-8s %-11s %-5s\n" "$1" "$5" "$2" "$MIN_DATE" "$4"
fi
}

##########################################
# Purpose: Describe how the script works
# Arguments:
# None
##########################################
usage()
{
echo "Usage: $0 [ -e email ] [ -x expir_days ] [ -q ] [ -a ] [ -h ]"
echo " {[ -d domain_name ]} || { -f domainfile}"
echo ""
echo " -a : Send a warning message through email "
echo " -d domain : Domain to analyze (interactive mode)"
echo " -e email address : Email address to send expiration notices"
echo " -f domain file : File with a list of domains"
echo " -h : Print this screen"
echo " -s whois server : Whois server to query for information"
echo " -q : Don't print anything on the console"
echo " -x days : Domain expiration interval (eg. if domain_date < days)"
echo ""
}

### Evaluate the options passed on the command line
while getopts ae:f:hd:s:qx: option
do
case "${option}"
in
a) ALARM="TRUE";;
e) ADMIN=${OPTARG};;
d) DOMAIN=${OPTARG};;
f) SERVERFILE=$OPTARG;;
s) WHOIS_SERVER=$OPTARG;;
q) QUIET="TRUE";;
x) WARNDAYS=$OPTARG;;
\?) usage
exit 1;;
esac
done

### Check to see if the whois binary exists
if [ ! -f ${WHOIS} ]
then
echo "ERROR: The whois binary does not exist in ${WHOIS} ."
echo " FIX: Please modify the \$WHOIS variable in the program header."
exit 1
fi

### Check to make sure a date utility is available
if [ ! -f ${DATE} ]
then
echo "ERROR: The date binary does not exist in ${DATE} ."
echo " FIX: Please modify the \$DATE variable in the program header."
exit 1
fi

### Baseline the dates so we have something to compare to
MONTH=$(${DATE} "+%m")
DAY=$(${DATE} "+%d")
YEAR=$(${DATE} "+%Y")
NOWJULIAN=$(date2julian ${MONTH#0} ${DAY#0} ${YEAR})

### Touch the files prior to using them
touch ${WHOIS_TMP}

### If a HOST and PORT were passed on the cmdline, use those values
if [ "${DOMAIN}" != "" ]
then
print_heading
check_domain_status "${DOMAIN}"
### If a file and a "-a" are passed on the command line, check all
### of the domains in the file to see if they are about to expire
elif [ -f "${SERVERFILE}" ]
then
print_heading
while read DOMAIN
do
check_domain_status "${DOMAIN}"

done < ${SERVERFILE}

### There was an error, so print a detailed usage message and exit
else
usage
exit 1
fi

# Add an extra newline
echo

### Remove the temporary files
rm -f ${WHOIS_TMP}

### Exit with a success indicator
exit 0
 
Old 05-19-2014, 01:41 AM   #9
TenTenths
Quote:
Originally Posted by Iyyappan
I tried yours for google.com domain. I get the below output

SSL Cert Expires: Aug 5 00:00:00 2014 GMT

Which is the date that shows up when I check the cert in my browser, what's your point?
 
Old 06-04-2014, 05:58 AM   #10
Iyyappan
Can you help me find SSL expiry as well...

openssl s_client -connect hostname:port > cert
openssl x509 -in cert -noout -enddate

Above one is working fine, but I have many mutual authentication websites..... I have imported .pfx certificates in browsers to access those sites...


Can you help to pass the .pfx certificates in the openssl s_client command to get SSL expiry details?

I converted .pfx to .pem and tried but I am receiving ssl handshake error, but same is working fine in browser.. think I am passing the certs wrongly

openssl s_client -CAfile /tmp/ac-abc.pem -host abc-ws.site.com -port 443

CONNECTED(00000003)
depth=2 /DC=com/DC=site/OU=applications/OU=entrust/CN=SITECA1
verify error:num=19:self signed certificate in certificate chain
verify return:0
29880:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1086:SSL alert number 40
29880:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
 
Old 06-04-2014, 06:06 AM   #11
Iyyappan
Below one worked but I did not get the ssl expiry dates in it ..

openssl s_client -cert /tmp/ac-abc.pem -connect abc-ws.site.com:443

This gives details of Certificate chain, Server certificate, Acceptable client certificate CA names..
 
Old 06-04-2014, 06:30 AM   #12
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,359

Rep: Reputation: 2751
Lots of good examples here http://www.madboa.com/geek/openssl/#cs-smtp
 
Old 06-05-2014, 01:06 AM   #13
Iyyappan
Can you help to fix this script?

#!/bin/bash
rm /tmp/check.txt
MAILTO="me@gmail.com"
for i in abc.site.com def.site.com
do
openssl s_client -connect $i:443 2> /dev/null| openssl x509 -enddate -noout|sed 's/notAfter\=//' >> /tmp/check.txt
d0=`cat /tmp/check.txt`
while IFS=: read line
do
d1=$(($(($(date --date="$d0" "+%s") - $(date "+%s"))) / 86400))
done < $d0
if [ "$d1" -lt "90" ]; then
echo "Warning: SSL Certificate for $i expires on $d0 has $d1 days until expiry." | /usr/bin/mutt -F /root/.rmuttrc -e 'set content_type="text/html"' $MAILTO -s "SSL Expiry Status"
else
echo "Certificate for $i is valid till $d0"
fi
done

Output of /tmp/check.txt
Sep 9 12:00:00 2014 GMT
Apr 8 15:53:21 2023 GMT


Output of script is

usr/local/sysadm/sslcheck.sh: line 4: Sep 9 12:00:00 2014 GMT: No such file or directory
/usr/local/sysadm/sslcheck.sh: line 12: [: : integer expression expected
Certificate for abc.site.com is valid till Sep 9 12:00:00 2014 GMT
/usr/local/sysadm/sslcheck.sh: line 4: Sep 9 12:00:00 2014 GMT
Apr 8 15:53:21 2023 GMT: No such file or directory
/usr/local/sysadm/sslcheck.sh: line 12: [: : integer expression expected
Certificate for def.site.com is valid till Sep 9 12:00:00 2014 GMT
Apr 8 15:53:21 2023 GMT
 
Old 06-05-2014, 01:26 AM   #14
Iyyappan
modified a bit

#!/bin/bash
rm /tmp/check.txt
MAILTO="me@gmail.com"
for i in abc.site.com def.site.com
do
openssl s_client -connect $i:443 2> /dev/null| openssl x509 -enddate -noout|sed 's/notAfter\=//' > /tmp/check.txt
d0=`cat /tmp/check.txt`
while IFS=: read line
do
d1=$(($(($(date --date="$d0" "+%s") - $(date "+%s"))) / 86400))
done < $d0
if [ "$d1" -lt "90" ]; then
echo "Warning: SSL Certificate for $i expires on $d0 has $d1 days until expiry." | /usr/bin/mutt -F /root/.rmuttrc -e 'set content_type="text/html"' $MAILTO -s "SSL Expiry Status"
else
echo "Certificate for $i is valid till $d0"
fi
done

OUTPUT

/usr/local/sysadm/sslcheck.sh: line 4: Sep 9 12:00:00 2014 GMT: No such file or directory
/usr/local/sysadm/sslcheck.sh: line 12: [: : integer expression expected
Certificate for abc.site.com is valid till Sep 9 12:00:00 2014 GMT
/usr/local/sysadm/sslcheck.sh: line 4: Apr 8 15:53:21 2023 GMT: No such file or directory
/usr/local/sysadm/sslcheck.sh: line 12: [: : integer expression expected
Certificate for def.site.com is valid till Apr 8 15:53:21 2023 GMT


Where am I making a mistake...
 
Old 06-05-2014, 06:21 AM   #15
Iyyappan
I made a blunder... fixed the script... it's working fine...


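#!/bin/bash
# -f: no error on the first run, when the file does not exist yet
rm -f /tmp/check.txt
MAILTO="email@gmail.com"

# domains.txt holds one hostname per line
for i in `cat /usr/local/sysadm/domains.txt`
do
# </dev/null closes stdin so s_client exits after the handshake instead of waiting for input
openssl s_client -connect $i:443 < /dev/null 2> /dev/null| openssl x509 -enddate -noout|sed 's/notAfter\=//' > /tmp/check.txt
d0="/tmp/check.txt"

# Read the single notAfter line; a while-read loop leaves $line empty once it hits EOF
read -r line < "$d0"

# Whole days between now and the expiry date
d1=$(($(($(date --date="$line" "+%s") - $(date "+%s"))) / 86400))
if [ "$d1" -lt "90" ]; then
echo "Warning: SSL Certificate for $i expires on $line has $d1 days until expiry." | /usr/bin/mutt -F /root/.rmuttrc -e 'set content_type="text/html"' $MAILTO -s "SSL Expiry Status"
else
echo "Certificate for $i is valid till $line. Days present $d1"
fi
done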
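
Added example, not part of any post in this thread: a sketch of the same check that also covers the mutual-authentication sites asked about in posts #10 and #11, and reports Unknown rather than a bogus day count when no certificate date comes back. It assumes GNU date and the openssl command line; `expiry_status`, `check_host` and the client PEM argument are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU date and the openssl CLI.
# expiry_status, check_host and CLIENT_PEM are hypothetical names.

# expiry_status NOTAFTER NOW_EPOCH WARN_DAYS
# Prints "<Status> <days>" and returns 0, or prints "Unknown -" and returns 1
# when the date is missing or unparseable, so a failed connection is never
# reported as a valid certificate.
expiry_status() {
  es_date=${1#notAfter=}          # accept the raw "notAfter=..." line too
  es_now=$2
  es_warn=$3
  # GNU date parses an empty string as "today 00:00", so reject it explicitly
  if [ -z "$es_date" ]; then echo "Unknown -"; return 1; fi
  es_end=$(date -u -d "$es_date" +%s 2>/dev/null) || { echo "Unknown -"; return 1; }
  es_secs=$((es_end - es_now))
  es_days=$((es_secs / 86400))    # integer division truncates toward zero
  # Decide "Expired" on seconds: a cert that lapsed 12 hours ago has es_days=0
  if [ "$es_secs" -lt 0 ]; then
    echo "Expired $es_days"
  elif [ "$es_days" -lt "$es_warn" ]; then
    echo "Expiring $es_days"
  else
    echo "Valid $es_days"
  fi
}

# check_host HOST [PORT] [CLIENT_PEM]
# CLIENT_PEM: PEM file with the client certificate and its private key
# (for example converted from a .pfx); only needed for mutual authentication.
check_host() {
  ch_host=$1
  ch_port=${2:-443}
  ch_pem=${3:-}
  # -servername sends SNI so a name-based virtual host returns its own cert
  set -- -connect "$ch_host:$ch_port" -servername "$ch_host"
  # With -cert and no -key, s_client reads the private key from the same file
  [ -z "$ch_pem" ] || set -- "$@" -cert "$ch_pem"
  # </dev/null makes s_client exit after the handshake; x509 then parses the
  # server certificate that s_client printed
  ch_end=$(openssl s_client "$@" </dev/null 2>/dev/null |
           openssl x509 -noout -enddate 2>/dev/null)
  printf '%-35s %s\n' "$ch_host" \
    "$(expiry_status "$ch_end" "$(date +%s)" "${WARNDAYS:-90}")"
}

# Runs only when arguments are given, e.g.:
#   ./sslcheck.sh abc.site.com 443 /tmp/client.pem
[ "$#" -eq 0 ] || check_host "$@"
```
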
 
  


All times are GMT -5.
