1
0
docker-letsencrypt-nginx-pr.../app/cert_status

59 lines
1.9 KiB
Plaintext
Raw Normal View History

#!/bin/bash
function print_cert_info {
local enddate
local subject
local san_str
# Get the wanted informations with OpenSSL.
issuer="$(openssl x509 -noout -issuer -in "$1" | sed -n 's/.*CN=\(.*\)/\1/p')"
enddate="$(openssl x509 -noout -enddate -in "$1" | sed -n 's/notAfter=\(.*$\)/\1/p')"
subject="$(openssl x509 -noout -subject -in "$1" | sed -n 's/.*CN=\([a-z0-9.-]*\)/- \1/p')"
san_str="$(openssl x509 -text -in "$1" | grep 'DNS:')"
echo "Certificate was issued by $issuer"
echo "Certificate is valid until $enddate"
echo "Subject Name:"
echo "$subject"
# Display the SAN info only if there is more than one SAN domain.
while IFS=',' read -ra SAN; do
if [[ ${#SAN[@]} -gt 1 ]]; then
echo "Subject Alternative Name:"
for domain in "${SAN[@]}"; do
echo "$domain" | sed -n 's/.*DNS:\([a-z0-9.-]*\)/- \1/p'
done
fi
done <<< "$san_str"
}
echo '##### Certificate status #####'
for cert in /etc/nginx/certs/*/fullchain.pem; do
[[ -e "$cert" ]] || continue
# Verify the certificate with OpenSSL.
openssl verify -CAfile "${cert%fullchain.pem}chain.pem" "$cert"
# Print certificate info.
print_cert_info "$cert"
# Find the .crt files in /etc/nginx/certs which are
# symlinks pointing to the current certificate.
unset symlinked_domains
for symlink in /etc/nginx/certs/*.crt; do
[[ -e "$symlink" ]] || continue
if [[ "$(readlink -f "$symlink")" == "$cert" ]]; then
domain="$(echo "${symlink%.crt}" | sed 's#/etc/nginx/certs/##g')"
symlinked_domains+=("$domain")
fi
done
# Display symlinks pointing to the current cert if there is any.
if [[ ${#symlinked_domains[@]} -gt 0 ]]; then
echo "Certificate is used by the following domain(s):"
for domain in "${symlinked_domains[@]}"; do
echo "- $domain"
done
fi
echo '##############################'
done