fschulze / check-tls-certs

Check TLS certificates of domains for expiration dates and more.

More alternate names than specified/The requested domain doesn't match the certificate domain #9

Open IgalSc opened 2 weeks ago

IgalSc commented 2 weeks ago

Hi there,

We are using wildcard domains, but the check started failing:

```
domain1.tv, www.domain1.tv
    Issued by: Amazon RSA 2048 M03
    Valid until 2025-01-31 23:59:59 (224 days, 2:21:00).
    More alternate names than specified *.domain1.tv.
content-api.domain2.mobi
    Validation error '[10, 1, 'certificate has expired']'.
    Issued by: E1
    Valid until 2024-08-11 00:28:33 (50 days, 2:50:00).
    Alternate names in certificate: domain2.mobi, *.domain2.mobi
    The requested domain content-api.domain2.mobi doesn't match the certificate domain domain2.mobi.
2 error(s), 1 warning(s)
```

If I do `check_tls_certs *.domain1.tv`:

```
Traceback (most recent call last):
  File "/usr/local/bin/check_tls_certs", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.6/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/check_tls_certs.py", line 284, in main
    domain_certs = get_domain_certs(domains)
  File "/usr/local/lib/python3.6/dist-packages/check_tls_certs.py", line 97, in get_domain_certs
    return dict(x.result() for x in done)
  File "/usr/local/lib/python3.6/dist-packages/check_tls_certs.py", line 97, in <genexpr>
    return dict(x.result() for x in done)
  File "/usr/lib/python3.6/concurrent/futures/thread.py", line 56, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/local/lib/python3.6/dist-packages/check_tls_certs.py", line 78, in get_cert_from_domain
    data = _get_cert_from_domain(domain)
  File "/usr/local/lib/python3.6/dist-packages/check_tls_certs.py", line 64, in _get_cert_from_domain
    sock.connect((domain.connection_host, domain.port))
  File "/usr/local/lib/python3.6/dist-packages/OpenSSL/SSL.py", line 1965, in connect
    return self._socket.connect(addr)
socket.gaierror: [Errno -2] Name or service not known
```

How do I use it with SAN and wildcard?

fschulze commented 1 week ago

Currently wildcard certificates aren't supported. It shouldn't be too hard to add, but I currently don't have time for it. I personally use it with Let's Encrypt only. I'm not sure whether they have wildcard support by now so I could test it. You could send me your actual domains privately via email, so I could test it when I get to it.
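Added example, not part of this thread and not the project's own code: a conservative hostname-to-SAN matcher implementing the wildcard rules the maintainer says the tool lacks (wildcard only as the whole leftmost label, covering exactly one label, never on a public suffix such as `*.tv`), plus a `check_domains` helper that reproduces the two diagnostics in the report above: requested names the certificate does not cover are errors, SAN entries no requested name uses are warnings. The function names and the SAN lists are constructed for illustration.

```python
from typing import Iterable, List, Tuple


def hostname_matches_san(hostname: str, san: str) -> bool:
    """True if `hostname` is covered by the dNSName SAN entry `san`.

    Follows the conservative reading of RFC 6125 section 6.4.3: a wildcard
    must be the entire leftmost label, matches exactly one label, and is
    refused when it would cover a whole top-level domain ("*.tv").
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    san_labels = san.lower().rstrip(".").split(".")
    if len(host_labels) != len(san_labels):
        return False  # a wildcard never matches zero or several labels
    if any("*" in label for label in san_labels[1:]):
        return False  # wildcards are only allowed in the leftmost label
    if "*" in san_labels[0] and san_labels[0] != "*":
        return False  # reject partial-label wildcards like "w*.example.com"
    if san_labels[0] == "*" and len(san_labels) < 3:
        return False  # "*.tv" would cover every domain under the TLD
    return all(p == "*" or p == h for p, h in zip(san_labels, host_labels))


def matching_sans(hostname: str, sans: Iterable[str]) -> List[str]:
    """All SAN entries that cover `hostname` (empty list means not covered)."""
    return [san for san in sans if hostname_matches_san(hostname, san)]


def check_domains(requested: Iterable[str], sans: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Mirror the two diagnostics from the issue report.

    errors:   requested names the certificate does not cover
              ("The requested domain ... doesn't match the certificate domain").
    warnings: SAN entries that no requested name makes use of
              ("More alternate names than specified").
    """
    requested = list(requested)
    sans = list(sans)
    errors = [host for host in requested if not matching_sans(host, sans)]
    warnings = [san for san in sans
                if not any(hostname_matches_san(host, san) for host in requested)]
    return errors, warnings


if __name__ == "__main__":
    # Constructed SAN lists modelled on the two certificates in the report.
    print(check_domains(["domain1.tv", "www.domain1.tv"], ["domain1.tv", "*.domain1.tv"]))
    print(check_domains(["content-api.domain2.mobi"], ["domain2.mobi", "*.domain2.mobi"]))
```

With wildcard-aware matching, `*.domain1.tv` is used by `www.domain1.tv` and so is no longer reported as an unused alternate name, and `content-api.domain2.mobi` is covered by `*.domain2.mobi` rather than being compared against the bare `domain2.mobi` entry.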