A few days ago Ryan from serverlesscode.com posted how you could use AWS Lambda, CloudWatch and a few other things to get notified of expiring SSL certificates.
Great idea! Now the only issue is that it's very much tied to AWS (which is great if you use AWS). Since I'm more of a Webtask and Azure user I decided to make something cloud agnostic.
I wanted something simple that allows me to monitor one or more domains (could be mine or domains from third party services I use), configure a threshold to avoid getting notifications for certificates that expire in 2 years and configure a Slack Incoming Webhook.
The Code
All of this is just a very simple Node.js tool and the full source is available on GitHub.
Besides loading some settings and posting to Slack, here is the relevant piece of code that will check the status of the certificate:
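    const https = require('https');
    const moment = require('moment');

    // Fetch the certificate served by `domain` and report when it expires.
    const verifyCertificate = (domain, cb) => {
      try {
        // rejectUnauthorized: false lets the handshake complete even when the certificate
        // is expired or untrusted, so its dates can still be read. This request only
        // inspects the certificate; it makes no trust decision about the server.
        https.request({ host: domain, port: 443, method: 'GET', path: '/', rejectUnauthorized: false }, (res) => {
          const cert = res.socket.getPeerCertificate();
          res.resume(); // discard the response body so the socket is released
          const valid_until = moment.utc(Date.parse(cert.valid_to));
          cb(null, {
            domain,
            valid_until,
            is_valid: valid_until.isAfter(moment()),
            days_remaining: Math.round(moment.duration(valid_until.diff(moment())).asDays())
          });
        }).on('error', (err) => {
          // Connection-level failures (DNS, refused connection, TLS errors)
          cb({ domain, message: err.message });
        }).end();
      }
      catch (e) {
        cb({ domain, message: e.message });
      }
    };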
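The check above connects with rejectUnauthorized: false, so it reads the dates but discards the TLS validation verdict. The following is an added example, not code from the tool's repository: it keeps that verdict (socket.authorized) next to the expiry classification. The function names, the status strings and reading DOMAINS and DAYS_THRESHOLD from environment variables are assumptions of this example.

```javascript
'use strict';
const tls = require('tls');

// Split a DOMAINS value such as "a.com;b.com" into clean host names.
const parseDomains = (value) =>
  (value || '').split(';').map((d) => d.trim().toLowerCase()).filter(Boolean);

// Pure classification of a getPeerCertificate() result against the threshold.
// trustError is the TLS validation error (null when the chain and name verified).
const assessCertificate = (cert, thresholdDays, trustError = null, now = new Date()) => {
  const notBefore = Date.parse(cert.valid_from);
  const notAfter = Date.parse(cert.valid_to);
  if (Number.isNaN(notBefore) || Number.isNaN(notAfter)) {
    return { status: 'unreadable', days_remaining: null, trust_error: trustError };
  }
  // Round down so a certificate never looks healthier than it is.
  const daysRemaining = Math.floor((notAfter - now.getTime()) / 86400000);
  let status = 'ok';
  if (now.getTime() < notBefore) status = 'not_yet_valid';
  else if (now.getTime() >= notAfter) status = 'expired';
  else if (daysRemaining <= thresholdDays) status = 'expiring';
  else if (trustError) status = 'untrusted'; // dates fine, validation still failed
  return { status, days_remaining: daysRemaining, trust_error: trustError };
};

// Connect without rejecting bad certificates (so expired ones can be read),
// but record why validation failed instead of throwing that away.
const checkDomain = (domain, thresholdDays) => new Promise((resolve) => {
  const socket = tls.connect(
    { host: domain, port: 443, servername: domain, rejectUnauthorized: false, timeout: 10000 },
    () => {
      const cert = socket.getPeerCertificate();
      const trustError = socket.authorized ? null : String(socket.authorizationError);
      socket.end();
      resolve({ domain, ...assessCertificate(cert, thresholdDays, trustError) });
    });
  socket.on('timeout', () => socket.destroy(new Error('timeout')));
  socket.on('error', (err) => resolve({ domain, status: 'unreachable', message: err.message }));
});

// Runs only when DOMAINS is set in the environment (assumed configuration source).
if (process.env.DOMAINS) {
  const threshold = Number(process.env.DAYS_THRESHOLD || 90);
  Promise.all(parseDomains(process.env.DOMAINS).map((d) => checkDomain(d, threshold)))
    .then((results) => console.log(results.filter((r) => r.status !== 'ok')));
}
```

Anything with a status other than "ok" is a candidate for the Slack notification; an "untrusted" result means the dates are fine but clients that validate certificates would still reject the connection.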
Usage
Again, since this is a Node.js tool you can run it as a CRON job, using the Windows Task Scheduler, deploy it as a Webtask or as a Web Job in Azure. The repository explains in detail how you can run this as a standalone Node.js app, as a Webtask or a Web Job.
But basically it comes down to this...
Webtask
If you haven't configured Webtask on your machine run this first (no credit card or whatever needed!):

    npm i -g wt-cli
    wt init

Note: this requires at least node 0.10.40 - if you're running multiple versions of node make sure to load the right version, e.g. "nvm use 0.10.40"
If you want to run it on a schedule (run every day at 10 AM for example):

    wt cron schedule \
      --name ssl-cert-expiration-to-slack \
      --secret DOMAINS="google.com;facebook.com;twitter.com" \
      --secret DAYS_THRESHOLD=90 \
      --secret SLACK_INCOMING_WEBHOOK_URL="https://hooks.slack.com/services/xxx" \
      --json \
      "30 10 * * *" \
      https://raw.githubusercontent.com/sandrinodimattia/ssl-cert-expiration-to-slack/master/task.js

Azure Web Job
Click this button (this will deploy a Web Job using a Resource Manager template):
Enjoy!