summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEvgeny Zinoviev <me@ch1p.io>2022-07-09 23:50:02 +0300
committerEvgeny Zinoviev <me@ch1p.io>2022-07-09 23:50:02 +0300
commit47bef947d8ec53e92cd20d3f14f92ecd86d9d2b4 (patch)
treed4bb5465d47c8198154fb7bdea9cc7149bd2b90f
initial
-rw-r--r--LICENSE20
-rw-r--r--README4
-rw-r--r--ssl_check.php57
3 files changed, 81 insertions, 0 deletions
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..5eb8161
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Evgeny Zinoviev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README b/README
new file mode 100644
index 0000000..2bc1a11
--- /dev/null
+++ b/README
@@ -0,0 +1,4 @@
+Simple PHP script that checks SSL certificates expiration dates for a list of given domains
+and notifies you via Telegram if some of them are about to expire.
+
+Supposed to be run by cron daily or so.
diff --git a/ssl_check.php b/ssl_check.php
new file mode 100644
index 0000000..3d60b97
--- /dev/null
+++ b/ssl_check.php
@@ -0,0 +1,57 @@
+#!/usr/bin/env php
+<?php
+
+function notify($text) {
+ $fields = [
+ 'chat_id' => TELEGRAM_CHAT_ID,
+ 'text' => $text,
+ ];
+
+ $ch = curl_init();
+ $url = 'https://api.telegram.org/bot'.TELEGRAM_BOT_TOKEN.'/sendMessage';
+ curl_setopt($ch, CURLOPT_URL, $url);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($ch, CURLOPT_POST, true);
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
+ curl_setopt($ch, CURLOPT_TIMEOUT, 10);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
+ curl_exec($ch);
+ curl_close($ch);
+}
+
+$domains = [
+ 'example.com',
+ 'example.org',
+ // add domains here
+];
+$now = time();
+
+const TELEGRAM_CHAT_ID = 0;
+const TELEGRAM_BOT_TOKEN = '';
+
+foreach ($domains as $d) {
+ $ipv4 = gethostbyname($d);
+ if ($ipv4 == $d) {
+ echo $d.": gethostbyname did not found ipv4\n";
+ continue;
+ }
+
+ $get = stream_context_create([
+ 'ssl' => [
+ 'capture_peer_cert' => true,
+ 'verify_peer' => false,
+ 'verify_peer_name' => false,
+ 'allow_self_signed' => true,
+ 'verify_depth' => 0,
+ ]
+ ]);
+ $read = stream_socket_client('ssl://'.$d.':443', $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get);
+ $cert = stream_context_get_params($read);
+ $certinfo = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
+
+ $valid_to = $certinfo['validTo_time_t'];
+ if ($valid_to - $now < 86400*7) {
+ $text = "SSL-сертификат для {$d} истекает ".date('d.m.Y H:i:s', $valid_to);
+ notify($text);
+ }
+}