Merge pull request #1081 from nginx-proxy/fix-cert-status

fix: don't display LE certificate as erroneously expired
2024-05-26 12:06:20 +02:00 · 2023-12-25 15:49:23 +01:00 · 2023-12-25 15:49:23 +01:00 · 95919300e8
parent 06a5f5e06c 83697e6cbf
commit 95919300e8
1 changed files with 10 additions and 1 deletions
--- a/app/cert_status
+++ b/app/cert_status
@ -10,6 +10,15 @@ function print_cert_info {
  subject="$(openssl x509 -noout -subject -in "$1" | sed -n 's/.*CN = \([a-z0-9.-]*\)/- \1/p')"
  san_str="$(openssl x509 -text -in "$1" | grep 'DNS:')"

+  case "$issuer" in
+    R3 | R4 | E1 | E2)
+      issuer="Let's Encrypt $issuer"
+      ;;
+
+    *)
+      ;;
+  esac
+
  echo "Certificate was issued by $issuer"
  if [[ "$2" == "expired" ]]; then
      echo "Certificate was valid until $enddate"
@ -35,7 +44,7 @@ for cert in /etc/nginx/certs/*/fullchain.pem; do
    [[ -e "$cert" ]] || continue
    if [[ -e "${cert%fullchain.pem}chain.pem" ]]; then
        # Verify the certificate with OpenSSL.
-        if verify=$(openssl verify -CAfile "${cert%fullchain.pem}chain.pem" "$cert" 2>&1); then
+        if verify=$(openssl verify -untrusted "${cert%fullchain.pem}chain.pem" "$cert" 2>&1); then
            echo "$verify"
            # Print certificate info.
            print_cert_info "$cert"