Matty9191 / ssl-cert-check

Send notifications when SSL certificates are about to expire.
GNU General Public License v2.0

script is broken if reading from file #96

Open hanscees opened 4 years ago

hanscees commented 4 years ago

When I fire the script to read from file it fails:

./ssl-cert-check  -f ssldomains

ERROR: The file named /var/tmp/cert.ueLNSS is unreadable or doesn't exist
ERROR: Please check to make sure the certificate for www.bomengids.nl:443:www.bomengids.nl:443 is valid
cat ssldomains 
www.nu.nl:443
www.bomengids.nl:443

When I use it interactively it works fine:

root@mail # ./ssl-cert-check  -s www.nu.nl -p 443

Host                                            Status       Expires      Days
----------------------------------------------- ------------ ------------ ----
www.nu.nl:443                                   Valid        Nov  2, 2020   74

Matty9191 commented 4 years ago

Your syntax is incorrect. There should be a space between the domain name and port:

$ ssl-cert-check -f domains

Host                                            Status       Expires      Days
----------------------------------------------- ------------ ------------ ----
www.nu.nl:443                                   Valid        Nov  2, 2020   74
www.bomengids.nl:443                            Valid        Jul 23, 2021  337

Please see this article for practical examples.

hanscees commented 4 years ago

Here is the fix: https://github.com/Matty9191/ssl-cert-check/commit/b257b9364ea8cbc23d0b83e9401d19b9874d12b7#diff-86977fd8bc9006d031d54752a7b726d1

hanscees commented 4 years ago

> Your syntax is incorrect. There should be a space between the domain name and port:
>
> $ ssl-cert-check -f domains
>
> Host                                            Status       Expires      Days
> ----------------------------------------------- ------------ ------------ ----
> www.nu.nl:443                                   Valid        Nov  2, 2020   74
> www.bomengids.nl:443                            Valid        Jul 23, 2021  337
>
> Please see this article for practical examples.

If that is the case, could you please edit the documentation, since nowhere is it stated what the file to read from should look like.

If you could perhaps adjust this line

  -f cert file      : File with a list of FQDNs and ports

like so

  -f cert file      : File with a list of FQDNs and ports. FQDN and ports should be on one line separated by a space.

I apologize if I overlooked something!

Matty9191 commented 4 years ago

This is thoroughly documented in the official documentation.

hanscees commented 4 years ago

> This is thoroughly documented in the official documentation.

It is not here: https://github.com/Matty9191/ssl-cert-check/blob/master/README.md unless you go and check the additional information.

It is not here: ./ssl-cert-check -h

So by no means is it thoroughly documented. I see two places you can improve that.

hanscees commented 4 years ago

Anyway, I learned a great deal on openssl from analysing this script.

I did find one error it does not catch:

# openssl s_client -connect nc.hanscees.com:443 -servername nc.hanscees.com
socket: Bad file descriptor
connect:errno=9

In this situation the server does resolve, but wrongly, and no certificate is downloaded. Your error checking gets a lot of errors, but misses this one.
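
The input-file format discussed earlier in this thread (one FQDN and one port per line, separated by a space) can be checked before the file is handed to `-f`. The following is an added example, not part of the thread or of ssl-cert-check; the function names, the skipping of blank and `#` lines, and the sample file are assumptions made for illustration.

```sh
# Added example, not part of ssl-cert-check. It checks only the network
# "<FQDN> <port>" line form described in this thread.
# check_line LINE: print a diagnostic and return 1 if LINE is malformed.
check_line() {
    set -f              # no globbing while the line is split into words
    set -- $1
    set +f
    # Assumption: this checker ignores blank lines and '#' comment lines.
    case "${1:-}" in ''|'#'*) return 0 ;; esac
    if [ "$#" -eq 1 ]; then
        case "$1" in
            *:*) echo "host and port joined by ':'; write '${1%%:*} ${1##*:}'" ;;
            *)   echo "missing port after '$1'" ;;
        esac
        return 1
    fi
    if [ "$#" -gt 2 ]; then echo "unexpected extra fields after '$1 $2'"; return 1; fi
    case "$1" in
        *[!A-Za-z0-9.-]*) echo "invalid character in host '$1'"; return 1 ;;
    esac
    case "$2" in
        ''|*[!0-9]*|??????*) echo "port '$2' is not a number in 1-65535"; return 1 ;;
    esac
    if [ "$2" -lt 1 ] || [ "$2" -gt 65535 ]; then
        echo "port '$2' is not a number in 1-65535"; return 1
    fi
    return 0
}

# validate_cert_file FILE: report every malformed line as "FILE:N: message";
# returns 0 only if all lines pass.
validate_cert_file() {
    n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if ! msg=$(check_line "$line"); then
            echo "$1:$n: $msg"
            bad=$((bad + 1))
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}

# Constructed sample: one line in the rejected host:port form, one corrected.
sample=$(mktemp)
printf '%s\n' 'www.nu.nl:443' 'www.bomengids.nl 443' > "$sample"
validate_cert_file "$sample" || echo "fix the lines above before using -f"
rm -f "$sample"
```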