eb9d7fa2a1
[ssl/ssl-certificate-expiry] Disable shellcheck SC1090
...
When linting this script, this will always fire. This is because shellcheck
only does static code analysis and thus can not determine the filepath.
References:
- https://www.shellcheck.net/wiki/SC1090
2023-01-13 21:57:17 -08:00
470e837b26
[ssl/ssl-certificate-expiry] Add configurable timeout
...
This should help with unreachable hosts, as the plugin can take more than
10 minutes to complete otherwise. These changes should be fully backwards
compatible, since the default is no timeout set, so it acts the same way
as before.
Changes:
- Introduce "timeout" configuration
- Only run timeout when configured
- Document usage of new configuration
2023-01-13 21:57:17 -08:00
d9701b4f6a
certificate_file_expiry: add option to ignore unexpanded patterns
...
this helps use the same configs on multiple nodes where not all the
patterns expand to existing files on all of them or when files are not
yet existing
2022-02-21 10:34:31 +01:00
4b8b098288
certificate_file_expiry: enable checking openvpn in config certificates
2022-02-21 10:34:31 +01:00
f0d5df2902
certificate_file_expiry: re-enable old defaults for warning and critical
...
those were accidentially removed in
76170d2745
2022-02-21 10:19:41 +01:00
94066132ce
[ssl-certificate-expiry] add env.skip_cert_hashes to skip certificates
...
This fix allows to skip validity checks on any intermediate certificate
which subject hash appears in the list.
Let's Encrypt certificates are cross-signed by both DST Root CA X3 and
ISRG Root X1. DST Root CA X3 has expired on 2021-09-30 [0], which causes
the plugin to incorrectly report some full-chain LE certificates as
expired.
[0] https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2021-12-31 19:26:58 +01:00
fea81596eb
certificate_file_expiry: optional logarithmic view for long lived certs
...
logarithmic was removed in d885a314ad
2021-12-04 02:30:02 +01:00
31db64fefe
certificate_file_expiry: label "50" instead of "5e+01"
...
Scale values were "4e+01, 5e+01, ...". Using linear scale and "48, 50, 52, ..." is much more readable.
Also use shorter vlabel, old one is too long.
2021-12-02 16:38:17 +01:00
c6590b6715
letsencrypt_weekly: display by registered domain
2021-10-25 21:18:47 +02:00
09974133b3
ssl-certificate-expiry: fix handling domains starting with digits
...
resolves #1224
2021-07-14 21:25:22 +02:00
2c9121708a
Fix some spelling mistakes
...
Thanks, codespell!
2021-04-05 23:24:50 +02:00
da87fcd6c7
Fix spelling issues
2021-03-31 20:39:12 +02:00
9c995590b2
certificate_file_expiry: add pattern support for CERT env variable
2020-12-28 20:42:30 +01:00
eb7a1e7276
Add some sane defaults, some enviromental variable overrides, fix autoconf, and add more error trapping
2020-11-28 20:31:45 +01:00
36c291110d
Change proposed name, certbot_certs -> certbot_expiry
2020-11-28 20:31:45 +01:00
2f7d94071d
Add "certbot-certs"
...
This plugin will semi-auto discover certbot (letsencrypt) certificates and output their expiry in days.
2020-11-28 20:31:45 +01:00
f0479a9a7d
[ssl-certificate-expiry] host name verification + proxy connection ( #1126 )
...
* optional verification of request to certificate hostname match (env.checkname yes)
* optional openssl proxy usage (env.proxy PROXYHOST:PORT)
2020-10-31 23:41:06 +01:00
8542c09283
fixup file mode 755
2020-10-28 21:54:42 +01:00
f6ea58d5f5
avoid blocking in ssl_
...
Just in case there is a firewall dropping packages, this plugin
would block until the plugin timeout is reached. This change introduces
the possibility to configure a much lower individual timeout.
2020-10-28 21:54:42 +01:00
09b88141b3
Improve documantion of many plugins
...
Specifically the configuration examples are now indented properly.
2020-10-24 17:29:08 +02:00
bba98f95b3
ssl-certificate-expiry: Feature added: checking intermediate certs as well ( #1088 )
2020-09-06 22:19:12 +02:00
8713eb3722
Fix spelling mistakes in comments and descriptions
...
Thanks, codespell!
2020-03-26 04:23:21 +01:00
52144bc277
ssl-certificate-expiry: remove hardcoded CA directory path
...
This should allow the plugin to be usable on all platforms.
2020-02-06 00:54:29 +01:00
292cfb955a
ssl-certificate-expiry: add support for FreeBSD's "date"
...
Thanks to oz42
Closes : #1038
2020-01-25 01:22:11 +01:00
0b4725d69d
[ssl/ssl-certificate-expiry] Fix unset starttls parameter
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2019-10-03 17:28:04 +02:00
3aa213d497
Add support for StartTLS in ssl-certificate-expiry ( #1018 )
...
* Add support for StartTLS in ssl-certificate-expiry
Added support for StartTLS in ssl-certificate-expiry
Use env.services foo.example.net_25_smtp to enable StartTLS on a SMTP server.
2019-09-17 19:37:37 +02:00
4e7c45fdc9
Fix typos in certificate_file_expiry
...
Typos broke the sample configuration
2019-09-02 23:07:45 +02:00
7fed3b9765
Fix multiple shellcheck issues
2019-08-13 05:16:13 +02:00
d6d5fa80be
Added plugins for certificates
...
* plugin to monitor certificiate lifetime
* plugin to monitor letsencrypt certificate issue limit
2019-07-31 03:13:21 +02:00
7e995a0210
squash! squash! [ssl-certificate-expiry] Add asynchronous update via cron
...
* use find to detect only recent cache files
* reduce cron periodicity to an hour
* use variable instead of TMP file
2019-07-22 22:15:20 +10:00
793b75b9ee
squash! [ssl-certificate-expiry] Add asynchronous update via cron
...
revert local
2019-07-22 22:07:43 +10:00
59f057f88b
[ssl-certificate-expiry] Add asynchronous update via cron
...
Also, cleanup the script to be better POSIX sh compatible, and add -u to
the shebang.
2019-07-20 22:51:56 +10:00
e7eb28869c
plugins ssl_ and ssl-certificate-expiry: various improvements
...
* simplify date parsing: use "date" instead of awk's "mktime" (requires gawk)
* simplify structure
* use the same function (copy'n'paste) for both plugins
Closes : #893
2018-03-30 01:53:48 +02:00
81e1966814
[ssl] Remove legacy ssl, and replacement ssl-certificate-expiry
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2017-07-23 13:19:40 +10:00
332396976b
fixup! [multi-ssl] Backward compatibility with ssl_
2017-06-21 21:32:48 +10:00
21cc6fc458
[ssl-certificate-expiry] Rename from multi_ssl
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2017-06-20 21:15:17 +10:00
47ef218263
[multi-ssl] Backward compatibility with ssl_
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2017-06-20 21:14:24 +10:00
f31fe9a6c3
[multi-ssl] POSIX shell compatibility
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2017-06-16 21:09:50 +10:00
91fe427bfc
[ssl_/multi_ssl] More legible cert-parsing code
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2017-06-16 20:46:12 +10:00
a4c308081c
[multi_ssl] New plugin showing multiple SSL Cert expiry in one graph
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2017-06-13 10:51:36 +10:00
eaf6c2d7ce
Category Tree: Reduce number of categories
...
mogilefs -> fs (mogilefs)
moodle -> cms (moodle)
openvz -> virtualization (openvz)
wowza -> streaming (wowza)
varnish -> webserver (varnish)
xbnbt -> torrent (xbnbt)
2017-02-23 15:31:40 +01:00
43e67ac747
[ssl_] Can't use colon in plugin names
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2016-08-05 14:04:58 +10:00
21dfe488c0
[ssl_] Allow to specify ports other than HTTPS
...
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2016-08-05 13:22:49 +10:00
f3917e1595
Support SNI in the certificate checking
...
plugin was checking the first vhost rather than the correct vhost's ssl certificate validity.
2013-10-03 09:50:57 +02:00
33cf24ad79
more sensible subdirectory name (ssl_certificates -> ssl)
2013-08-11 08:00:41 +02:00
HaseHarald