Use nagios to monitor ssl certificate expiration time

1. Write a monitoring script.

# vim check_ssl_expiry.sh

#!/bin/bash
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2

Host=$1

end_date=$(echo | openssl s_client -connect $Host:443 2>/dev/null -servername $Host | openssl x509 -noout -dates | sed -n 's/notAfter=//p' | sed -n 's/ GMT//p')

if [ -n "$end_date" ];then
    end_date_seconds=$(date +%s -d "$end_date")
    now_seconds=$(date +%s)
    valid_days=$[($end_date_seconds-$now_seconds)/24/3600]
fi

if [ $valid_days -lt 60 ];then
    echo "WARNING: SSL cert of $Host will be expired after $valid_days days."
    exit $STATE_WARNING
elif [ $valid_days -lt 30 ];then
    echo "CRITICAL: SSL cert of $Host will be expired after $valid_days days."
    exit $STATE_CRITICAL
else
    echo "OK: SSL cert of $Host will be expired after $valid_days days."
    exit $STATE_OK
fi

2. Add command configuration.

# vim command.cfg
#check_ssl_expiry command definition
define command {
    command_name check_ssl_expiry
    command_line /usr/lib/nagios/plugins/check_ssl_expiry $ARG1$
}

3. Define the monitoring item service.

# vim ssl.cfg
define service{
    use                             oupeng-svc
    contact_groups                  group-sa
    service_description             check_ssl_www.opgirl.cn
    check_command                   check_ssl_expiry!www.opgirl.cn
}

4. Reload configuration.

# /etc/init.d/nagios reload