search

ProgrammersOfVilnius / pov-check-health

Debian package that runs basic system health monitoring checks hourly from cron
https://launchpad.net/~pov/+archive/ppa
2 stars 0 forks source link

Wishlist: specify IP address for checkcert_ssl #12

Open mgedmin opened 8 years ago

mgedmin commented 8 years ago

Sometimes I want to make sure that the SSL certificate for example.com installed in the local Apache is up-to-date, even if example.com's DNS points to a different server. E.g. this is a backup host, or there's a DNS round-robin, or IP anycast.

mgedmin commented 8 years ago

The implementation is

checkcert() {
    info_check checkcert "$@"
    local server="$1"
    local days="${2:-${CHECKCERT_WARN_BEFORE:-60}}"
    local output="$(/usr/lib/nagios/plugins/check_http -C "$days" -H "$server" --sni 2>&1)"

If I could pass additional arguments to check_http, I could use -I <ipaddr>.

mgedmin commented 8 years ago

I thought maybe I could use checkweb as a workaround, but nope:

$ checkweb -C 30 eversheds.compass360.net
[red]+ checkweb -C 30 eversheds.compass360.net[/red]
OK - Certificate 'eversheds.compass360.net' will expire on 05/14/2017 23:59.

checkweb expects HTTP OK and assumes OK means an error.