有时候我们批量更新域名的证书后需要检查这些证书是否已经生效,避免因过期引发问题
# cat check_domain_ssl.py
# coding: utf-8
# 查询域名证书到期情况
import re
import time
import subprocess
from datetime import datetime
from io import StringIO
def main(domain):
# curl --head --resolve store.chinasoft.co.jp:443:${ip} "https://store.chinasoft.co.jp/"
#comm = f"curl -Ivs https://{domain} --connect-timeout 10"
store_servers=["1.1.1.1", "1.1.1.2"]
for store_ip in store_servers:
f = StringIO()
print(store_ip)
comm = f"curl -Ivs --resolve {domain}:443:{store_ip} https://{domain} --connect-timeout 10"
#print(comm)
result = subprocess.getstatusoutput(comm)
f.write(result[1])
m = re.search('start date: (.*?)\n.*?expire date: (.*?)\n.*?common name: (.*?)\n.*?issuer: CN=(.*?)\n', f.getvalue(), re.S)
start_date = m.group(1)
expire_date = m.group(2)
common_name = m.group(3)
issuer = m.group(4)
# time 字符串转时间数组
start_date = time.strptime(start_date, "%b %d %H:%M:%S %Y GMT")
start_date_st = time.strftime("%Y-%m-%d %H:%M:%S", start_date)
# datetime 字符串转时间数组
expire_date = datetime.strptime(expire_date, "%b %d %H:%M:%S %Y GMT")
expire_date_st = datetime.strftime(expire_date,"%Y-%m-%d %H:%M:%S")
# 剩余天数
remaining = (expire_date-datetime.now()).days
print ('域名:', domain)
print ('通用名:', common_name)
print ('开始时间:', start_date_st)
print ('到期时间:', expire_date_st)
print (f'剩余时间: {remaining}天')
print ('颁发机构:', issuer)
print ('*'*30)
time.sleep(1)
f.flush()
f.close()
if __name__ == "__main__":
domains = ['cbs.chinasoft.com']
for domain in domains:
main(domain)
# 运行结果
******************************
1.1.1.1
域名: cart.chinasoft.com
通用名: *.chinasoft.com
开始时间: 2020-06-12 00:00:00
到期时间: 2022-06-13 12:00:00
剩余时间: 728天
颁发机构: RapidSSL RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
******************************
1.1.1.2
域名: cart.chinasoft.com
通用名: *.chinasoft.com
开始时间: 2020-06-12 00:00:00
到期时间: 2022-06-13 12:00:00
剩余时间: 728天
颁发机构: RapidSSL RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
******************************
