HTTP - SSL证书过期检查 - 《Dev Ops》

从阿里云获取所有域名解析：

#! /data/devops/py3.7env/bin/python
# -*- coding:utf-8 -*-
# Author: yau
##此脚本用来获取https证书过期时间，需要先执行pip install aliyun-python-sdk-core aliyun-python-sdk-alidns pyyaml
from aliyunsdkcore.client import AcsClient
profile = {
    "accessKeyId": "xx",
    "accessKeySecret": "xx",
    "regionId": "cn-hangzhou"
}
from aliyunsdkalidns.request.v20150109.DescribeDomainRecordsRequest import DescribeDomainRecordsRequest
import json
import os
import sys
def describe_domain_records(client, record_type, subdomain):
    request = DescribeDomainRecordsRequest()
    request.set_accept_format('json')
    request.set_Type(record_type)
    request.set_DomainName(subdomain)
    request.set_PageSize(500)
    response = client.do_action_with_exception(request)
    response = str(response, encoding='utf-8')
    result = json.loads(response)
    return result
client = AcsClient(profile["accessKeyId"], profile["accessKeySecret"], profile["regionId"])
des_result = describe_domain_records(client, sys.argv[1], sys.argv[2])
for domain in des_result['DomainRecords']['Record']:
  os.system('echo ' + domain['RR']+'.'+domain['DomainName'] + ' >> domain-aliyun.txt')
# python get.py A xxx.com

查询域名证书是否过期脚本：

#! /data/devops/py3.7env/bin/python
# -*- coding:utf-8 -*-
# Author: yau
##此脚本用来获取https证书过期时间，需要先执行pip install pyopenssl
import argparse;
from urllib3.contrib import pyopenssl as reqs;
from datetime import datetime;
#命令行参数
parser = argparse.ArgumentParser(description='本脚本获取https证书到期时间');
parser.add_argument('-w', '-www', metavar='https网站，如www.xxx.com',required=True, dest='sites', nargs='+', help='输入监控的https网站')
args = parser.parse_args()
#公网验证
def get_notafter(www):
    cert = reqs.OpenSSL.crypto.load_certificate(reqs.OpenSSL.crypto.FILETYPE_PEM, reqs.ssl.get_server_certificate((www, 443)));
    notafter = datetime.strptime(cert.get_notAfter().decode()[0:-1], '%Y%m%d%H%M%S');
    remain_days = notafter - datetime.now();
    print(www,'['+str(remain_days.days)+']');
#输出结果
try:
    for site in args.sites:
        get_notafter(site);
except Exception as e:
    print(site,"[Invalid address]");
#for site in args.sites:
#  get_notafter(site);

循环检查域名shell脚本

#/bin/bash
for i in `cat domain-aliyun.txt`
do
echo "${i}" | grep "^#" &> /dev/null
if [ "$?"  == 0 ];then
  continue
fi
time=`./sslooker -w ${i}`
echo ${time}
echo ${time} | grep 'Invalid address' &> /dev/null
if [ "$?" != "0" ];then
  days=`echo ${time} | awk -F' ' '{print $NF}' | sed 's/\[//g' | sed 's/\]//g'`
  if [ $days -lt 15 ];then
    echo 1 >  ssl_status
    exit 1
  fi
fi
done
echo 0 > ssl_status