From ea8f39a3017c78cd55caf89b9af9cda2ef0054fb Mon Sep 17 00:00:00 2001
From: jowj
Date: Sun, 19 Jan 2020 20:07:46 -0600
Subject: [PATCH] Add ability to check TLS cert expiration dates. - this was more complicated than I thought it would be!!
---
 get-domain-status.py | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)
diff --git a/get-domain-status.py b/get-domain-status.py
index 43bfff6..549c708 100644
--- a/get-domain-status.py
+++ b/get-domain-status.py
@@ -2,15 +2,37 @@
 # this has been released on master, but hasn't been pushed to pypi yet.
 # this is fucking stupid, but ok, lets just get it working for .net for now.
 import whois
-import datetime
+from datetime import datetime
+import OpenSSL
+import ssl
+import pdb
-sites_to_check = [
+domains_to_check = [
 'jowj.net',
 ]
-current_year = datetime.datetime.today().year
+sites_to_check = [
+ 'me.jowj.net',
+ 'bouncer.awful.club',
+ 'my.awful.club',
+ 'matrix.awful.club'
+]
-for site in sites_to_check:
- expire_year = whois.query(site).expiration_date.year
+current_year = datetime.today().year
+today = datetime.today()
+
+for domain in domains_to_check:
+ expire_year = whois.query(domain).expiration_date.year
+
+ # if the domain expires in ~1yr or less, throw alert
 if expire_year - current_year <= 1:
 pass # throw an alert, check into sending email / sending to slack
+
+for site in sites_to_check:
+ cert = ssl.get_server_certificate((site, 443))
+ x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
+ # pdb.set_trace()
+ expiration = datetime.strptime(x509.get_notAfter().decode(), '%Y%m%d%H%M%SZ')
+
+ if (expiration - today):
+ pass # throw an alert, check into sending email / sending to slack
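Review bot: The new certificate check `if (expiration - today):` tests a `timedelta` for truthiness, which is true for any non-zero difference, so the branch is taken for every certificate regardless of how far away (or how long past) its expiry is. Compare against an explicit window instead, e.g. `if (expiration - today).days <= 30:` (30 is a constructed sample threshold), and since `notAfter` is in UTC (the trailing `Z` in the format string) take the reference time with `datetime.utcnow()` rather than the local-time `datetime.today()`. `ssl.get_server_certificate((site, 443))` is called without `ca_certs`, so the certificate is fetched without chain or hostname verification; that is workable for reading an expiry date, but the result says nothing about whether the served certificate is trusted, and an unreachable host will raise and abort the loop for the remaining sites unless the call is wrapped in a `try`/`except OSError`. The `import pdb` and the commented `# pdb.set_trace()` look like debugging leftovers and can be dropped.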