initial

3 files changed, 81 insertions, 0 deletions

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..5eb8161
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Evgeny Zinoviev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README b/README
new file mode 100644
index 0000000..2bc1a11
--- /dev/null
+++ b/README
@@ -0,0 +1,4 @@
+Simple PHP script that checks SSL certificates expiration dates for a list of given domains
+and notifies you via Telegram if some of them are about to expire.
+
+Supposed to be run by cron daily or so.
diff --git a/ssl_check.php b/ssl_check.php
new file mode 100644
index 0000000..3d60b97
--- /dev/null
+++ b/ssl_check.php
@@ -0,0 +1,57 @@
+#!/usr/bin/env php
+<?php
+
+function notify($text) {
+    $fields = [
+        'chat_id' => TELEGRAM_CHAT_ID,
+        'text' => $text,
+    ];
+
+    $ch = curl_init();
+    $url = 'https://api.telegram.org/bot'.TELEGRAM_BOT_TOKEN.'/sendMessage';
+    curl_setopt($ch, CURLOPT_URL, $url);
+    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+    curl_setopt($ch, CURLOPT_POST, true);
+    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
+    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
+    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
+    curl_exec($ch);
+    curl_close($ch);
+}
+
+$domains = [
+    'example.com',
+    'example.org',
+    // add domains here
+];
+$now = time();
+
+const TELEGRAM_CHAT_ID = 0;
+const TELEGRAM_BOT_TOKEN = '';
+
+foreach ($domains as $d) {
+    $ipv4 = gethostbyname($d);
+    if ($ipv4 == $d) {
+        echo $d.": gethostbyname did not found ipv4\n";
+        continue;
+    }
+
+    $get = stream_context_create([
+        'ssl' => [
+            'capture_peer_cert' => true,
+            'verify_peer' => false,
+            'verify_peer_name' => false,
+            'allow_self_signed' => true,
+            'verify_depth' => 0,
+        ]
+    ]);
+    $read = stream_socket_client('ssl://'.$d.':443', $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get);
+    $cert = stream_context_get_params($read);
+    $certinfo = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
+
+    $valid_to = $certinfo['validTo_time_t'];
+    if ($valid_to - $now < 86400*7) {
+        $text = "SSL-сертификат для {$d} истекает ".date('d.m.Y H:i:s', $valid_to);
+        notify($text);
+    }
+}