warned = False
for domain in domains:
+ errstr = None
+ certerr = False
warn = datetime.timedelta(days=DAYS_BEFORE_WARN)
try:
with socket.create_connection((domain, 443)) as sock:
with context.wrap_socket(sock, server_hostname=domain) as ssock:
cert = ssock.getpeercert()
except (ssl.CertificateError, ssl.SSLError) as e:
- print(f'{domain} cert error: {e}', file=sys.stderr)
- continue
- expire = datetime.datetime.strptime(cert['notAfter'],
- '%b %d %H:%M:%S %Y %Z')
- now = datetime.datetime.utcnow()
- left = expire - now
-
- leftstr = f'{domain:30s} cert: {str(left).rsplit(".",1)[0]} left until it expires'
+ certerr = True
+ errstr = f'{domain} cert error: {e}'
+
+ if not certerr:
+ expire = datetime.datetime.strptime(cert['notAfter'],
+ '%b %d %H:%M:%S %Y %Z')
+ now = datetime.datetime.utcnow()
+ left = expire - now
+
+ errstr = f'{domain:30s} cert: {str(left).rsplit(".",1)[0]} left until it expires'
if not args.quiet:
- print(leftstr, file=sys.stderr)
- if left < warn and args.email:
- subject = f'{domain}\'s SSL Cert is expiring soon.'
- body = leftstr
+ print(errstr, file=sys.stderr)
+ if (certerr or (left < warn)) and args.email:
+ subject = f'Certificate problem with {domain}'
+ body = errstr
email = args.email
if email == []:
email = DEFAULT_EMAIL
projects / ceph-cm-ansible.git / commitdiff