shell脚本之证书到期监控和企微告警
shell脚本之证书到期监控和企微告警
shell脚本实现ssl证书过期及webhook推送,实战运维脚本。也实现基于fastapi接口方式检查域名证书有需要下次展示。
脚本
https.sh
检测和告警脚本, https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxxxxxxxxxxxx替换为自己企微的webhook地址即可
#!/bin/bash #**************************************************************************************** #Author: wei #*************************************************************************************** #!/bin/bash # 检测https证书有效期 source /etc/profile while read line; do end_time=$(echo | timeout 1 openssl s_client -servername $line -connect $line:443 2>/dev/null | openssl x509 -noout -enddate 2> /dev/null | awk -F '=' '{print $2}') end_times=$(date -d "$end_time" +%s) current_times=$(date -d "$(date -u '+%b %d %T %Y GMT')" +%s) echo $end_times $current_times &> /dev/null let left_time="$end_times - $current_times" days=$(expr $left_time / 86400) #echo "$line 剩余天数: ${days}" #[[ ${days} -lt 30 ]] && echo "https ssl cert 少于 30 days" || echo "${line} 剩余时间是 $days" if [[ ${days} -eq 0 ]];then echo "$line DNS解析异常" elif [[ "${days}" -lt 0 ]];then echo "$line 证书已过期" elif [[ "${days}" -lt 40 ]];then echo "$line 剩余天数: ${days}" curl -X POST -H "Content-Type: application/json" \ -d '{"msgtype": "text", "text": {"content": "'$line' 证书过期剩余天数: '$days' , 请及时更换!!"}}' \ https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxxxxxxxxxxxx elif [[ "${days}" -lt 4 ]];then echo "$line 剩余天数: ${days}" curl -X POST -H "Content-Type: application/json" \ -d '{"msgtype": "text", "text": {"content": "'$line' 证书过期剩余天数: '$days' , 请持续观察和验证证书!!"}}' \ https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxxxxxxxxxxxx fi done < ./https_list
https_list
检查域名证书列表文件
api.wqyfchina.com
k8s.wqyfchina.com
api.wqyfchina.com
执行告警