shell脚本之证书到期监控和企微告警

shell脚本之证书到期监控和企微告警

shell脚本实现ssl证书过期及webhook推送，实战运维脚本。也实现基于fastapi接口方式检查域名证书有需要下次展示。

脚本

https.sh

检测和告警脚本, https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxxxxxxxxxxxx替换为自己企微的webhook地址即可

#!/bin/bash
#****************************************************************************************
#Author:                 wei
#***************************************************************************************
#!/bin/bash
# 检测https证书有效期

source /etc/profile

while read line; do

end_time=$(echo | timeout 1 openssl s_client -servername $line -connect $line:443 2>/dev/null | openssl x509 -noout -enddate 2> /dev/null | awk -F '=' '{print $2}')

end_times=$(date -d "$end_time" +%s)
current_times=$(date -d "$(date -u '+%b %d %T %Y GMT')" +%s)

echo $end_times $current_times &> /dev/null

let left_time="$end_times - $current_times"
days=$(expr $left_time / 86400)
#echo "$line 剩余天数: ${days}"

#[[ ${days} -lt 30 ]] && echo "https ssl cert 少于 30 days" || echo "${line} 剩余时间是 $days"

if [[ ${days} -eq 0 ]];then
    echo "$line DNS解析异常"
elif [[ "${days}" -lt 0 ]];then
    echo "$line 证书已过期"
elif [[ "${days}" -lt 40 ]];then
    echo "$line 剩余天数: ${days}"
    curl -X POST -H "Content-Type: application/json" \
    -d '{"msgtype": "text", "text": {"content": "'$line' 证书过期剩余天数: '$days' , 请及时更换！！"}}' \
    https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxxxxxxxxxxxx
elif [[ "${days}" -lt 4 ]];then
    echo "$line 剩余天数: ${days}"
    curl -X POST -H "Content-Type: application/json" \
    -d '{"msgtype": "text", "text": {"content": "'$line' 证书过期剩余天数: '$days' , 请持续观察和验证证书！！"}}' \
    https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxxxxxxxxxxxx
fi

done < ./https_list

https_list

检查域名证书列表文件

api.wqyfchina.com
k8s.wqyfchina.com
api.wqyfchina.com

执行告警