Matty9191 / ssl-cert-check

Send notifications when SSL certificates are about to expire.
GNU General Public License v2.0

Mail is not sending #112

Open maureyz opened 2 years ago

maureyz commented 2 years ago

Using the note example: ssl-cert-check -a -f mydomain -q -x 60 -e mauricio.reyes@mymaildomain.net

It shows the following:

Host                              Status     Expires       Days
FILE:/etc/ssl/certs/never8.cer    Expiring   Oct 9, 2021   22

root@proxy1:/home/n8admin/ssl-cert-check-master# ./ssl-cert-check -a -f never8.com -q -x 60 -e mauricio.reyes@never8.com
Usage: ./ssl-cert-check [ -e email address ] [-E sender email address] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-n] [-N] [-v]
       { [ -s common_name ] && [ -p port] } || { [ -f cert_file ] } || { [ -c cert file ] } || { [ -d cert dir ] }

  -a                : Send a warning message through E-mail
  -b                : Will not print header
  -c cert file      : Print the expiration date for the PEM or PKCS12 formatted certificate in cert file
  -d cert directory : Print the expiration date for the PEM or PKCS12 formatted certificates in cert directory
  -e E-mail address : E-mail address to send expiration notices
  -E E-mail sender  : E-mail address of the sender
  -f cert file      : File with a list of FQDNs and ports
  -h                : Print this screen
  -i                : Print the issuer of the certificate
  -k password       : PKCS12 file password
  -n                : Run as a Nagios plugin
  -N                : Run as a Nagios plugin and output one line summary (implies -n, requires -f or -d)
  -p port           : Port to connect to (interactive mode)
  -q                : Don't print anything on the console
  -s commmon name   : Server to connect to (interactive mode)
  -S                : Print validation information
  -t type           : Specify the certificate type
  -V                : Print version information
  -x days           : Certificate expiration interval (eg. if cert_date < days)

root@proxy1:/home/n8admin/ssl-cert-check-master# ./ssl-cert-check -a -f never8.com -q -x 60 -e mauricio.reyes@never8.com

allella commented 2 years ago

There are a number of reasons an email might not send, or else end up in a spam folder.

You did this above, but it's necessary to specify the -a flag and the script will only send an email if there's a certificate that's expiring within the (-x DAYS) flag. So, receiving no emails can actually be good, because it can mean no certificates are about to expire. You can test if this is the reason by temporarily setting the -x value to a high number.

If you're running this script on a server, then that server may have a local "sendmail" service set up to send email directly from the server. Or, that "sendmail" service may "relay" outgoing mail through a 3rd party sending service through SMTP.

The outbound port typically needs to be open in any firewalls on a server. These days, this is usually port 587 for secure SMTP traffic.

Using the "out of the box" email sending configuration on a server is likely to still end up in spam unless you've configured SPF and/or DKIM records to authorize your server to send on behalf of the domain specified in the "From" (-E) email address.

If you have a server that's not configured to relay mail already, then setting up a free / cheap account with an email transaction service, like SendGrid + sendmail, is a much better way to avoid emails ending up in a spam folder.

If you're trying to run the script from your local computer, then it's unlikely your local computer is set up to relay emails. Even if it did, there are things like firewall ports that may not be open and you're very likely to have spam folder issues relaying from a local machine unless you configure it to relay emails for the "From" domain.

You can usually see if an email is sending on a Linux server, or local computer, by opening /var/log/maillog and checking the end of the file for log messages.
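
The mail-log check described in the comment above, as an added example that is not part of the thread or of ssl-cert-check itself: it summarises what the MTA logged for one recipient, so a firewall timeout or a rejection shows up directly. The function names, sample log lines, hosts and addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise what the local MTA logged for one recipient.
# Matches Postfix ("status=sent") and sendmail ("stat=Sent") delivery lines.
# Default path is the one named above; Debian-family systems use /var/log/mail.log.

# Constructed sample log lines; hosts, queue IDs and addresses are placeholders.
sample_maillog() {
cat <<'EOF'
Sep 17 10:00:01 proxy1 postfix/smtp[2101]: 4A1B2C3D: to=<admin@example.com>, relay=smtp.example.net[192.0.2.25]:587, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 OK)
Sep 17 10:05:01 proxy1 postfix/smtp[2140]: 5B2C3D4E: to=<admin@example.com>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to smtp.example.net[192.0.2.25]:587: Connection timed out)
Sep 17 10:06:11 proxy1 postfix/smtp[2155]: 6C3D4E5F: to=<other@example.com>, relay=smtp.example.net[192.0.2.25]:587, delay=0.9, dsn=5.7.1, status=bounced (host said: 550 5.7.1 rejected)
Sep 17 10:07:45 proxy1 sendmail[2201]: x8HA7j2201: to=<admin@example.com>, delay=00:00:02, mailer=esmtp, relay=smtp.example.net., dsn=2.0.0, stat=Sent (OK)
EOF
}

# mail_status RECIPIENT [LOGFILE|-]
# Prints "<status> <count>" for every delivery status logged for RECIPIENT.
mail_status() {
  grep -F "to=<$1>" "${2:-/var/log/maillog}" |
    sed -nE 's/.*[ ,]stat(us)?=([A-Za-z]+).*/\2/p' |
    tr '[:upper:]' '[:lower:]' | sort | uniq -c | awk '{print $2, $1}'
}

# undelivered_reasons RECIPIENT [LOGFILE|-]
# Prints the MTA's own explanation for each attempt that was not "sent".
undelivered_reasons() {
  grep -F "to=<$1>" "${2:-/var/log/maillog}" |
    grep -Ei 'stat(us)?=' |
    grep -Eiv 'stat(us)?=sent' |
    sed -E 's/.*[ ,]stat(us)?=//'
}

# Demo on the constructed sample ("-" makes grep read standard input).
sample_maillog | mail_status admin@example.com -
sample_maillog | undelivered_reasons admin@example.com -
```

No output at all for the recipient means the script never handed a message to the MTA, which points back at the -a flag and the -x threshold rather than at mail delivery.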