]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/letsencrypt/files/default/bin/check-certificate
Start reminding about expiry at 21 days
[chef.git] / cookbooks / letsencrypt / files / default / bin / check-certificate
index 46ca8e848f62b6f660e2b6cec436b40b996851ec..303314fcab2af17abd12359433ba6465a9094e5c 100755 (executable)
@@ -10,27 +10,27 @@ begin
 
   if Time.now < certificate.not_before
     puts "Certificate #{domain} not valid until #{certificate.not_before}"
 
   if Time.now < certificate.not_before
     puts "Certificate #{domain} not valid until #{certificate.not_before}"
-  elsif certificate.not_after - Time.now < 14 * 86400
+  elsif certificate.not_after - Time.now < 21 * 86400
     puts "Certificate #{domain} expires at #{certificate.not_after}"
   else
     subject_alt_name = certificate.extensions.find { |e| e.oid == "subjectAltName" }
 
     if subject_alt_name.nil?
     puts "Certificate #{domain} expires at #{certificate.not_after}"
   else
     subject_alt_name = certificate.extensions.find { |e| e.oid == "subjectAltName" }
 
     if subject_alt_name.nil?
-      puts "Certificate #{domain} has no subject_alt_name"
+      puts "Certificate #{domain} has no subjectAltName"
     else
       alt_names = subject_alt_name.value.split(/\s*,\s*/).sort
 
       ARGV.sort.each do |expected|
     else
       alt_names = subject_alt_name.value.split(/\s*,\s*/).sort
 
       ARGV.sort.each do |expected|
-        puts "Certificate #{domain} is missing subject_alt_name #{expected}" unless alt_names.shift == "DNS:#{expected}"
+        puts "Certificate #{domain} is missing subjectAltName #{expected}" unless alt_names.shift == "DNS:#{expected}"
       end
 
       alt_names.each do |name|
       end
 
       alt_names.each do |name|
-        puts "Certificate #{domain} has unexpected altName #{name}"
+        puts "Certificate #{domain} has unexpected subjectAltName #{name}"
       end
     end
   end
 
   connection.finish
       end
     end
   end
 
   connection.finish
-rescue OpenSSL::SSL::SSLError => error
+rescue StandardError => error
   puts "Error connecting to #{domain}: #{error.message}"
 end
   puts "Error connecting to #{domain}: #{error.message}"
 end