planet: only rate limit files else apache segfault
[chef.git] / cookbooks / letsencrypt / files / default / bin / check-certificate
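index 35fbbed1f7b08405d193595601d4cedff862812e..73bd8a658c1731a2f15b835ddb2f9ef4e4b1050b 100755 (executable)
--- a/cookbooks/letsencrypt/files/default/bin/check-certificate
+++ b/cookbooks/letsencrypt/files/default/bin/check-certificate
@@ -17,18 +17,20 @@ begin
   ssl.sync_close = true
   ssl.hostname = domains.first
   ssl.connect
-rescue StandardError => error
-  puts "Error connecting to #{host}: #{error.message}"
+rescue StandardError => e
+  puts "Error connecting to #{host}: #{e.message}"
 end
 
-certificate = ssl.peer_cert
+if ssl
+  certificate = ssl.peer_cert
 
-if Time.now < certificate.not_before
-  puts "Certificate #{domains.first} on #{host} not valid until #{certificate.not_before}"
-elsif certificate.not_after - Time.now < 21 * 86400
-  puts "Certificate #{domains.first} on #{host} expires at #{certificate.not_after}"
-else
-  subject_alt_name = certificate.extensions.find { |e| e.oid == "subjectAltName" }
+  if Time.now < certificate.not_before
+    puts "Certificate #{domains.first} on #{host} not valid until #{certificate.not_before}"
+  elsif certificate.not_after - Time.now < 21 * 86400
+    puts "Certificate #{domains.first} on #{host} expires at #{certificate.not_after}"
+  end
+
+  subject_alt_name = certificate.extensions.find { |ext| ext.oid == "subjectAltName" }
 
   if subject_alt_name.nil?
     puts "Certificate #{domains.first} on #{host} has no subjectAltName"
@@ -47,6 +49,6 @@ else
       puts "Certificate #{domains.first} on #{host} has unexpected subjectAltName #{name}"
     end
   end
-end
 
-ssl.close
+  ssl.close
+end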
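Review bot: The new `if ssl` guard does not cover a failed handshake, because `ssl` is already assigned before `ssl.connect` runs (the context lines call `ssl.sync_close = true` on it), so when `connect` raises, the rescue prints the error and `ssl` is still truthy. `ssl.peer_cert` would then most likely be nil and `certificate.not_before` raises NoMethodError, so the check ends in a stack trace instead of a clean report and the expiry and subjectAltName checks never run for that host. Guarding on the certificate is safer, e.g. `certificate = ssl&.peer_cert` followed by `if certificate`, with `ssl&.close` moved outside that block. The `begin` block starts above the hunk, so how `ssl` is created is not visible here.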