Monitoring SSL Certificate Expiry in Nagios

Ok, so this is a little quick and dirty, but it does what is needed. Perhaps if I was not in such a rush I could create something better.

Create a file called check_ssl with the following, preferably in the same location as your nagios plugins, or somewhere sensible (and make note of the full path for later):


$hostname = $argv[1];

$date = exec("curl --verbose https://".$hostname." 2>&1 | grep expire\\ date: | awk '{print \$4}'").' 00:00:00';

$diff = strtotime($date)-time();
$days = floor($diff / 86400);
echo $hostname . " expires in " . (int)$days . " days";

if($diff < 604800) { // Critical for 7 days and less
if($diff < 2678400) { // Warning for 31 days or less

Then, set the permissions correctly:

chmod +x check_ssl

test with: ./check_ssl
(replace with your domain name)

In your nagios commands definition file (normally commands.cfg) add (replacing $USER1$ if your check_ssl is not in the same folder as the rest of your Nagios plugins):

define command{
   command_name check_ssl
   command_line $USER1$/check_ssl $ARG1$

Finally, add a check with the rest of your services:

define service{
   use generic-service
   host_name **Your server hostname**
   service_description **description**
   check_command check_ssl!**domain name**

Then restart!

Show CommentsClose Comments

Leave a comment