Python批量检查同一个集群针对同一个域名解析到不同IP地址证书的有效性
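# coding: utf-8
# check_domain_ssl.py
#
# After bulk-updating the certificates for our domains we need to confirm that
# the new certificates are actually in effect, so that an expired one does not
# cause problems. This script queries the certificate validity dates that each
# backend IP of a cluster serves for the same domain.
import re
import subprocess
import time
from datetime import datetime, timezone

# Fields read from the certificate block of curl's verbose (-v) output.
# NOTE(review): the pattern needs "start date:", "expire date:",
# "common name:" and "issuer: CN=" lines, in that order. A curl build whose TLS
# backend formats the block differently will not match and is reported as a
# parse failure below. Confirm against the curl on the checking host.
CERT_INFO_RE = re.compile(
    r'start date: (.*?)\n.*?expire date: (.*?)\n.*?common name: (.*?)\n.*?issuer: CN=(.*?)\n',
    re.S,
)
CURL_DATE_FORMAT = "%b %d %H:%M:%S %Y GMT"
DISPLAY_DATE_FORMAT = "%Y-%m-%d %H:%M:%S"


def main(domain):
    """Print the certificate validity window served for *domain* by each backend IP.

    For every address in ``store_servers``, curl is pointed at that address with
    ``--resolve`` while still sending *domain* as the host name, so the
    certificate installed on that specific node is the one inspected.

    Equivalent manual check:
        curl --head --resolve store.chinasoft.co.jp:443:${ip} "https://store.chinasoft.co.jp/"
    Without pinning an address the command would be
        curl -Ivs https://{domain} --connect-timeout 10

    Args:
        domain: Host name to request; also used as the ``--resolve`` key.

    Returns:
        None. Results are printed to stdout.
    """
    store_servers = ["1.1.1.1", "1.1.1.2"]
    for store_ip in store_servers:
        print(store_ip)
        # Argument list instead of a shell string: the domain is never parsed
        # by a shell, so a value containing shell metacharacters stays inert.
        comm = [
            "curl", "-Ivs",
            "--resolve", f"{domain}:443:{store_ip}",
            f"https://{domain}",
            "--connect-timeout", "10",
        ]
        try:
            # curl writes the handshake details to stderr; merge it into stdout
            # so the certificate block ends up in the captured text.
            proc = subprocess.run(
                comm,
                stdout=subprocess.PIPE,
                stderr=subprocess.STDOUT,
                text=True,
                errors="replace",
            )
        except OSError as exc:
            print(f'无法执行 curl: {exc}')
            print('*' * 30)
            time.sleep(1)
            continue

        m = CERT_INFO_RE.search(proc.stdout)
        if m is None:
            # Connection failure, timeout, or an output format the pattern does
            # not cover: report it for this node and keep checking the rest.
            print(f'未能从 curl 输出中解析证书信息 (curl 退出码: {proc.returncode})')
            print('*' * 30)
            time.sleep(1)
            continue

        start_date, expire_date, common_name, issuer = m.groups()

        # Convert curl's date strings to datetime objects.
        start_date = datetime.strptime(start_date, CURL_DATE_FORMAT)
        start_date_st = start_date.strftime(DISPLAY_DATE_FORMAT)
        expire_date = datetime.strptime(expire_date, CURL_DATE_FORMAT)
        expire_date_st = expire_date.strftime(DISPLAY_DATE_FORMAT)

        # Days remaining. The certificate dates are GMT, so compare against
        # the current UTC time rather than local time.
        now_utc = datetime.now(timezone.utc).replace(tzinfo=None)
        remaining = (expire_date - now_utc).days

        print('域名:', domain)
        print('通用名:', common_name)
        print('开始时间:', start_date_st)
        print('到期时间:', expire_date_st)
        print(f'剩余时间: {remaining}天')
        print('颁发机构:', issuer)
        if proc.returncode != 0:
            # The dates alone do not show that the certificate validates: a
            # non-zero exit means curl did not complete the request (for
            # example chain or host-name verification failed).
            print(f'警告: curl 退出码为 {proc.returncode},请求未成功完成,请检查证书链和主机名校验')
        print('*' * 30)
        time.sleep(1)


if __name__ == "__main__":
    domains = ['cbs.chinasoft.com']
    for domain in domains:
        main(domain)

# Sample output from the original post (that run used cart.chinasoft.com):
#
# ******************************
# 1.1.1.1
# 域名: cart.chinasoft.com
# 通用名: *.chinasoft.com
# 开始时间: 2020-06-12 00:00:00
# 到期时间: 2022-06-13 12:00:00
# 剩余时间: 728天
# 颁发机构: RapidSSL RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
# ******************************
# 1.1.1.2
# 域名: cart.chinasoft.com
# 通用名: *.chinasoft.com
# 开始时间: 2020-06-12 00:00:00
# 到期时间: 2022-06-13 12:00:00
# 剩余时间: 728天
# 颁发机构: RapidSSL RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
# ******************************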