
Check remaining time of all Certificates on Apache Webserver

a guest
Feb 22nd, 2017
  1. #!/usr/bin/perl -w
  2. use strict;
  3. use Crypt::OpenSSL::X509;       # requires: apt install libcrypt-openssl-x509-perl
  4. use DateTime::Format::Strptime; # requires: apt install libdatetime-format-strptime-perl
  5. use Getopt::Long qw(GetOptions);
  6. use Data::Dumper;
  7.  
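  # --- Command-line options and defaults ------------------------------------
  my $verbose;      # -v            : report every certificate, not only those within the limit
  my $help;         # -help, -h, -? : print usage and exit
  my $debug;        # -d, -vv       : trace which files are collected (also turns on -v)
  my $limit = 30;   # -limit=N      : report certificates with at most N days left
  my $LetsEncrytpCertDir="/etc/letsencrypt/live";
  my $ApacheConfigs="/etc/apache2/sites-enabled/*";
  my %certlist;     # certificate path => number of times that path was found

  # GetOptions() returns false after it has complained on STDERR about an
  # unknown option or a non-integer -limit value. Stop in that case: an expiry
  # monitor that quietly falls back to the default limit after a typo looks
  # like a clean run while checking something other than what was asked for.
  GetOptions('limit=i' => \$limit, 'v' => \$verbose, 'd|vv' => \$debug, 'help|?|h' => \$help)
      or die "$0: invalid arguments, see -help\n";

  if ($help) {
      print "Aufruf-Argumente:\n";
      print "-limit=30 ... nur Zertifikate anzeigen, die in den nächsten 30 Tagen ablaufen\n";
      print "-v ... Verbose Output\n";
      print "-vv ... Debug Output\n";
      exit(1);
  }

  # Debug output is a superset of verbose output.
  $verbose++ if $debug;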
  25.  
  # Let's Encrypt certificates: every sub-directory of the live directory is
  # expected to hold a fullchain.pem; each one found is added to %certlist.
  opendir(my $live_dir, $LetsEncrytpCertDir) or die "$0: opendir: $!";
  ENTRY:
  while (defined(my $entry = readdir($live_dir))) {
      # Skip plain files and every dot entry ('.', '..' and hidden directories).
      next ENTRY if !( -d "$LetsEncrytpCertDir/$entry" ) or $entry =~ /^\./;

      my $pem = "$LetsEncrytpCertDir/$entry/fullchain.pem";
      unless (-e $pem) {
          # A directory without a certificate is reported but is not fatal.
          print "Warning: File not found: $pem\n";
          next ENTRY;
      }

      print "Adding to List: $pem\n" if $debug;
      $certlist{$pem}++;
  }
  closedir($live_dir);
  37.  
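  # Get all Certificates used by Apache
  #
  # The config files are read directly instead of through `egrep`. grep only
  # prefixes matches with "file:" when it is given more than one file, so with
  # a single enabled site the old ":SSLCertificateFile" pattern never matched
  # and that site's certificate was silently left unchecked. Reading the files
  # here also avoids a shell and the external egrep binary.
  foreach my $config (glob $ApacheConfigs) {
      next unless -f $config;
      my $fh;
      unless (open $fh, '<', $config) {
          # An unreadable config means certificates may be missing from the
          # report; say so instead of skipping it quietly.
          warn "$0: cannot read $config: $!\n";
          next;
      }
      while (my $line = <$fh>) {
          chomp($line);
          next unless $line =~ /SSLCertificateFile/i;
          print "Found Apache Entry: $config:$line\n" if $debug;

          # Only an active directive counts: the keyword must be the first
          # token on the line, which excludes commented-out entries.
          next if $line !~ /^\s*SSLCertificateFile\s+(.+?)\s*$/i;
          my $cert = $1;

          # The path may be written in quotes; strip one matching pair so the
          # value is usable as a file name.
          $cert =~ s/^(["'])(.*)\1$/$2/;

          print "Adding to List: " . $cert . "\n" if $debug;
          $certlist{$cert}++;
      }
      close($fh);
  }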
  47.  
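  # checkcert($certfile)
  #
  # Load the certificate in $certfile and print its common name, the number of
  # days until its notAfter date, the file name and its subjectAltName entries.
  # A line is printed only when the certificate has at most $limit days left
  # or when $verbose is set (both are file-level variables). Expired
  # certificates are reported with a negative day count.
  #
  # A file that cannot be loaded is reported on STDERR and skipped, so that one
  # bad entry does not hide the state of every certificate after it.
  sub checkcert($)
  { my $certfile=shift;

    # The original script died at this call for a missing, unreadable or
    # non-PEM file, which ended the whole run.
    my $cert = eval { Crypt::OpenSSL::X509->new_from_file($certfile) };
    unless ($cert) {
       warn "Warning: cannot load certificate $certfile: $@";
       return;
    }

    # notAfter() looks like "Apr 11 17:24:00 2017 GMT".
    my $parser = DateTime::Format::Strptime->new(pattern => '%b %d %H:%M:%S %Y %Z', on_error => 'croak');
    my $date_valid = $parser->parse_datetime($cert->notAfter());

    # DateTime's delta_days() yields an absolute difference, so on its own it
    # cannot tell "expires in 40 days" from "expired 40 days ago"; the latter
    # would then pass the $limit test and go unreported. Restore the sign.
    my $now = DateTime->now();
    my $days_left = $date_valid->delta_days($now)->delta_days();
    $days_left = -$days_left if DateTime->compare($date_valid, $now) < 0;

    # Prefer the CN component of the subject; fall back to the whole subject.
    my $name = $cert->subject(); $name = $1 if $name =~ /CN=(\S+)/i;

    if ($days_left <= $limit || $verbose) {
       # Name left-justified in 25 columns, day count right-justified in 4.
       # The date format is written without the run of blanks the pasted
       # listing had after "%d" (apparently a line-wrap artefact).
       printf "%-25s%4s Days difference now to %s\n",
              $name, $days_left, $date_valid->strftime("%d.%m.%Y %H:%M:%S %Z");
       print " "x30 . "File: $certfile\n";

       # Not every certificate carries a subjectAltName extension; calling
       # value() on a missing one would abort the run.
       my $san_ext = eval { $cert->extensions_by_name()->{'subjectAltName'} };
       if ($san_ext) {
          my $SAN = $san_ext->value();
          $SAN =~ s/[^\w\d\.-]/./g;   # anything but word chars, '.' and '-' becomes '.'
          $SAN =~ s/^\dU?\.+//;       # drop a leading digit, optional 'U' and dots
          # Each pair of dots becomes a line break plus indent, presumably
          # putting one alternative name per line.
          $SAN =~ s/\.\./\n                                       /g;
          print " "x30 . "AltName: " . $SAN . "\n";
       }
    }
  }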
  65.  
  # Report on every collected path. The paths are hash keys, so each file is
  # checked once and the order is unspecified.
  for my $path (keys %certlist) {
      checkcert($path);
  }

  # The exit status is 0 whatever was reported, so a cron job or monitoring
  # wrapper has to look at the output, not the status, to notice a certificate
  # that is about to expire.
  exit(0);