X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/90a99a9591ff08a70463403ad1dba1a2d7939881..4bef1d8c2a8513756683114959bd1c9e5de9b6f9:/cookbooks/letsencrypt/files/default/bin/check-certificate diff --git a/cookbooks/letsencrypt/files/default/bin/check-certificate b/cookbooks/letsencrypt/files/default/bin/check-certificate index 35fbbed1f..73bd8a658 100755 --- a/cookbooks/letsencrypt/files/default/bin/check-certificate +++ b/cookbooks/letsencrypt/files/default/bin/check-certificate @@ -17,18 +17,20 @@ begin ssl.sync_close = true ssl.hostname = domains.first ssl.connect -rescue StandardError => error - puts "Error connecting to #{host}: #{error.message}" +rescue StandardError => e + puts "Error connecting to #{host}: #{e.message}" end -certificate = ssl.peer_cert +if ssl + certificate = ssl.peer_cert -if Time.now < certificate.not_before - puts "Certificate #{domains.first} on #{host} not valid until #{certificate.not_before}" -elsif certificate.not_after - Time.now < 21 * 86400 - puts "Certificate #{domains.first} on #{host} expires at #{certificate.not_after}" -else - subject_alt_name = certificate.extensions.find { |e| e.oid == "subjectAltName" } + if Time.now < certificate.not_before + puts "Certificate #{domains.first} on #{host} not valid until #{certificate.not_before}" + elsif certificate.not_after - Time.now < 21 * 86400 + puts "Certificate #{domains.first} on #{host} expires at #{certificate.not_after}" + end + + subject_alt_name = certificate.extensions.find { |ext| ext.oid == "subjectAltName" } if subject_alt_name.nil? puts "Certificate #{domains.first} on #{host} has no subjectAltName" @@ -47,6 +49,6 @@ else puts "Certificate #{domains.first} on #{host} has unexpected subjectAltName #{name}" end end -end -ssl.close + ssl.close +end