We have created a Nagios plugin called check_ssl_cert_expiry. The plugin sends an alert (warning/critical) before the SSL certificate expiry date. We have tested this plugin against HTTPS website URLs. It is working very well.

Why we require the check_ssl_cert_expiry Nagios plugin

To know how many days are left before the expiration date of the SSL certificate.

Features of check_ssl_cert_expiry:

1. Warning and critical alerts are sent a given number of days before the SSL certificate expires.
2. The Nagios server may be running in a different timezone. The SSL certificate expiration date is generally shown in the GMT timezone (as far as I have seen; it can be different). So we have to calculate the difference in days according to our Nagios server's timezone.
Hence, it is scripted in such a way that no matter which timezone the SSL certificate expiration date is given in, it is made compatible with your Nagios server's timezone.

The code of check_ssl_cert_expiry is given below.

The Nagios plugin is also available in our GitHub account.

#!/bin/bash
## Author: Sharad Kumar Chhetri
## Creation Date : 10-Dec-2014
## Description : Send Warning/Critical alert before expiry date of SSL Certificate.
## Version : 1.0
##
## Usage example: /check_ssl_cert_expiry -h www.google.co.in -w 90 -c 60
## -w = integer number (Warning days)
## -c = integer number (Critical days)
#
# Requirement : bc command should be available in system.
#

_HOST=""
_WARNEXPIRYDAYS=""
_CRITEXPIRYDAYS=""

while getopts "h:w:c:" opt
do
    case $opt in
        h ) _HOST=$OPTARG;;
        w ) _WARNEXPIRYDAYS=$OPTARG;;
        c ) _CRITEXPIRYDAYS=$OPTARG;;
    esac
done

# Exit code 3 is the Nagios UNKNOWN state.
if [ ! "$_HOST" ]
then
    printf "ERROR - Either give Hostname in syntax as www.example.com or example.com with -h!\n"
    exit 3
fi
if [ ! "$_WARNEXPIRYDAYS" ]
then
    printf "ERROR - Add WARNING expiry in days with -w\n"
    exit 3
fi
if [ ! "$_CRITEXPIRYDAYS" ]
then
    printf "ERROR - Add CRITICAL expiry in days with -c\n"
    exit 3
fi

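# -servername sends SNI so that name-based virtual hosts return the right certificate.
EXPIRYDATE=$(echo "QUIT" | openssl s_client -connect "$_HOST:443" -servername "$_HOST" 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null | sed 's/notAfter=//g')
#echo $EXPIRYDATE

# Without this check, date parses an empty string as "today" and the plugin reports a misleading CRITICAL.
if [ ! "$EXPIRYDATE" ]
then
    echo "UNKNOWN : Could not retrieve SSL Certificate from Host $_HOST"
    exit 3
fi

# The zone suffix in the date (e.g. GMT) is honoured, so the epoch is the same in any server timezone.
EXPIRYDATE_epoch=$(date --date "$EXPIRYDATE" +%s)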

CURRENT_DATE_epoch=`date +%s`

#echo $EXPIRYDATE_epoch
#echo $CURRENT_DATE_epoch
#echo $dayDiff

epochDiff=`echo "$EXPIRYDATE_epoch" - "$CURRENT_DATE_epoch"|bc`
#echo $epochDiff

### Get difference of days
dayDiff=`echo "$epochDiff"/86400|bc`
#echo $dayDiff

# Nagios exit codes: 2 = CRITICAL, 1 = WARNING, 0 = OK
if [ "$dayDiff" -le "$_CRITEXPIRYDAYS" ]
then
    echo "CRITICAL : $dayDiff days are left for SSL Certificate Expiration on Host $_HOST"
    exit 2
elif [ "$dayDiff" -le "$_WARNEXPIRYDAYS" ]
then
    echo "WARNING : $dayDiff days are left for SSL Certificate Expiration on Host $_HOST"
    exit 1
else
    echo "OK: $dayDiff days are left for SSL Certificate Expiration on Host $_HOST"
    exit 0
fi
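
The timezone handling described in feature 2, as an added example that is not part of the original plugin: it parses a constructed notAfter string under three server timezones and maps the days left to Nagios exit codes. The function names and the sample date are assumptions made for illustration, and GNU date is assumed, as in the plugin.

```bash
#!/bin/bash
# Added example, not part of check_ssl_cert_expiry. Assumes GNU date.
# The notAfter string below is constructed sample data.
SAMPLE_NOTAFTER="Mar 10 12:00:00 2025 GMT"

# expiry_epoch NOTAFTER -> prints the expiry as seconds since the epoch.
# Fails on an empty string, which GNU date would otherwise read as "today".
expiry_epoch() {
    [ -n "$1" ] || return 1
    date --date "$1" +%s 2>/dev/null
}

# days_left NOTAFTER NOW_EPOCH -> prints whole days until expiry
# (negative once the certificate has been expired for a day or more).
days_left() {
    _exp=$(expiry_epoch "$1") || return 1
    echo $(( (_exp - $2) / 86400 ))
}

# nagios_status NOTAFTER NOW_EPOCH WARN_DAYS CRIT_DAYS
# Returns the Nagios exit code: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
nagios_status() {
    _days=$(days_left "$1" "$2") || return 3
    if [ "$_days" -le "$4" ]; then return 2
    elif [ "$_days" -le "$3" ]; then return 1
    fi
    return 0
}

# Parse the same string on "servers" in three zones (POSIX TZ strings, so no
# tzdata is needed). With the GMT suffix the epoch is identical everywhere;
# with the suffix stripped, date falls back to the local zone and it shifts.
for zone in UTC IST-5:30 PST8; do
    with=$(TZ=$zone; export TZ; expiry_epoch "$SAMPLE_NOTAFTER")
    without=$(TZ=$zone; export TZ; expiry_epoch "${SAMPLE_NOTAFTER% GMT}")
    echo "TZ=$zone with-zone=$with without-zone=$without"
done
```

Passing the current time as an argument keeps the threshold logic testable without a live TLS connection.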
