mirror of
https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion
synced 2024-11-26 08:53:52 +01:00
84 lines
2.6 KiB
Bash
Executable File
84 lines
2.6 KiB
Bash
Executable File
#!/bin/bash
|
|
function print_cert_info {
|
|
local enddate
|
|
local subject
|
|
local san_str
|
|
|
|
# Get the wanted informations with OpenSSL.
|
|
issuer="$(openssl x509 -noout -issuer -in "$1" | sed -n 's/.*CN = \(.*\)/\1/p')"
|
|
enddate="$(openssl x509 -noout -enddate -in "$1" | sed -n 's/notAfter=\(.*$\)/\1/p')"
|
|
subject="$(openssl x509 -noout -subject -in "$1" | sed -n 's/.*CN = \([a-z0-9.-]*\)/- \1/p')"
|
|
san_str="$(openssl x509 -text -in "$1" | grep 'DNS:')"
|
|
|
|
case "$issuer" in
|
|
R3 | R4 | E1 | E2)
|
|
issuer="Let's Encrypt $issuer"
|
|
;;
|
|
|
|
*)
|
|
;;
|
|
esac
|
|
|
|
echo "Certificate was issued by $issuer"
|
|
if [[ "$2" == "expired" ]]; then
|
|
echo "Certificate was valid until $enddate"
|
|
else
|
|
echo "Certificate is valid until $enddate"
|
|
fi
|
|
echo "Subject Name:"
|
|
echo "$subject"
|
|
|
|
# Display the SAN info only if there is more than one SAN domain.
|
|
while IFS=',' read -ra SAN; do
|
|
if [[ ${#SAN[@]} -gt 1 ]]; then
|
|
echo "Subject Alternative Name:"
|
|
for domain in "${SAN[@]}"; do
|
|
echo "$domain" | sed -n 's/.*DNS:\([a-z0-9.-]*\)/- \1/p'
|
|
done
|
|
fi
|
|
done <<< "$san_str"
|
|
}
|
|
|
|
echo '##### Certificate status #####'
|
|
for cert in /etc/nginx/certs/*/fullchain.pem; do
|
|
[[ -e "$cert" ]] || continue
|
|
if [[ -e "${cert%fullchain.pem}chain.pem" ]]; then
|
|
# Verify the certificate with OpenSSL.
|
|
if verify=$(openssl verify -untrusted "${cert%fullchain.pem}chain.pem" "$cert" 2>&1); then
|
|
echo "$verify"
|
|
# Print certificate info.
|
|
print_cert_info "$cert"
|
|
else
|
|
echo "${cert}: EXPIRED"
|
|
# Print certificate info.
|
|
print_cert_info "$cert" "expired"
|
|
fi
|
|
else
|
|
echo "${cert}: no corresponding chain.pem file, unable to verify certificate"
|
|
# Print certificate info.
|
|
print_cert_info "$cert"
|
|
fi
|
|
|
|
# Find the .crt files in /etc/nginx/certs which are
|
|
# symlinks pointing to the current certificate.
|
|
unset symlinked_domains
|
|
for symlink in /etc/nginx/certs/*.crt; do
|
|
[[ -e "$symlink" ]] || continue
|
|
if [[ "$(readlink -f "$symlink")" == "$cert" ]]; then
|
|
domain="${symlink%.crt}"
|
|
domain="${domain//\/etc\/nginx\/certs\//}"
|
|
symlinked_domains+=("$domain")
|
|
fi
|
|
done
|
|
|
|
# Display symlinks pointing to the current cert if there is any.
|
|
if [[ ${#symlinked_domains[@]} -gt 0 ]]; then
|
|
echo "Certificate is used by the following domain(s):"
|
|
for domain in "${symlinked_domains[@]}"; do
|
|
echo "- $domain"
|
|
done
|
|
fi
|
|
|
|
echo '##############################'
|
|
done
|