1、配置文件config.json（其中包含webhook的access_token和加签密钥，建议将文件权限设为600，且不要提交到代码仓库）
json
{
"dingtalk-webhook": "https://oapi.dingtalk.com/robot/send?access_token=XXXXXXXXXXXXXX",
"secret": "XXXXXXXXXXXXXXXXXXXXXX",
"domains": [
"www.advd.tel",
"dre.dfefer.cn:8443"
]
}
2、Python脚本正文
python
#!/usr/bin/python3
import ssl
import socket
from datetime import datetime
import requests
import hashlib
import hmac
import base64
import time
import json
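def get_ssl_cert_expiration(domain, port=443):
    """Return the expiry time of the TLS certificate served at domain:port.

    The handshake uses ssl.create_default_context(), so the certificate chain
    and hostname are verified. A certificate that is already expired,
    self-signed or issued for another name therefore fails the handshake and
    surfaces as RuntimeError instead of as a date. Verification is kept on
    deliberately: without it getpeercert() returns an empty dict.

    Args:
        domain: Host name to connect to; also sent as SNI.
        port: TCP port of the TLS service.

    Returns:
        A naive datetime parsed from the certificate's notAfter field. The
        field is expressed in GMT, so compare it against a UTC clock.

    Raises:
        RuntimeError: On any connection, handshake or parsing failure. The
            original exception is attached as __cause__.
    """
    try:
        context = ssl.create_default_context()
        # The timeout covers connect and handshake, so one unresponsive host
        # cannot stall the whole monitoring run.
        with socket.create_connection((domain, port), timeout=10) as raw_sock:
            # The context managers close the socket on every path, including
            # a failed handshake.
            with context.wrap_socket(raw_sock, server_hostname=domain) as conn:
                cert = conn.getpeercert()
        # notAfter looks like 'Jun  1 12:00:00 2025 GMT'
        not_after = cert['notAfter']
        return datetime.strptime(not_after, '%b %d %H:%M:%S %Y %Z')
    except Exception as e:
        raise RuntimeError(
            f"Error retrieving SSL certificate for {domain} on port {port}: {str(e)}"
        ) from e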
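def send_dingtalk_message(webhook_url, secret, message):
    """Send a signed text message to a DingTalk robot webhook.

    The signature is base64(HMAC-SHA256(secret, "<timestamp>\\n<secret>")),
    sent together with the millisecond timestamp as query parameters.

    Args:
        webhook_url: Robot webhook URL, including its access_token query.
        secret: Signing secret configured for the robot.
        message: Text content to deliver.

    Returns:
        None. The outcome is printed. Transport errors are reported, not
        raised, so a failed alert does not abort the caller's remaining checks.
    """
    headers = {'Content-Type': 'application/json'}
    # Current time in milliseconds, as a string
    timestamp = str(int(round(time.time() * 1000)))
    # String to sign: timestamp and secret joined by a newline
    sign_string = f"{timestamp}\n{secret}"
    digest = hmac.new(secret.encode(), sign_string.encode(), hashlib.sha256).digest()
    sign = base64.b64encode(digest).decode()
    payload = {
        "msgtype": "text",
        "text": {
            "content": message
        },
        "timestamp": timestamp,
        "sign": sign
    }
    try:
        # Passing timestamp/sign through params lets requests URL-encode them
        # (the base64 signature may contain '+', '/' and '=') and append them
        # to the access_token query already present in webhook_url.
        response = requests.post(
            webhook_url,
            params={"timestamp": timestamp, "sign": sign},
            json=payload,
            headers=headers,
            timeout=10,
        )
    except requests.RequestException as e:
        # The exception text can embed the request URL, which carries the
        # access_token; report only the exception type.
        print(f"Failed to send message to DingTalk. Error: {type(e).__name__}")
        return
    if response.status_code != 200:
        print(f"Failed to send message to DingTalk. HTTP Status Code: {response.status_code}")
        return
    # DingTalk reports rejected requests (bad signature, keyword/IP limits)
    # with HTTP 200 and a non-zero errcode in the JSON body, so the status
    # code alone does not prove delivery.
    try:
        errcode = response.json().get("errcode")
    except (ValueError, AttributeError):
        errcode = None
    if errcode == 0:
        print("Message sent successfully to DingTalk")
    else:
        print(f"Failed to send message to DingTalk. errcode: {errcode}")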
def parse_domain_and_port(domain_with_port):
    """Split a "host" or "host:port" config entry into (host, port).

    Entries without a colon use port 443. An entry with more than one colon,
    or with a non-numeric port, raises ValueError.
    """
    if ':' not in domain_with_port:
        # No explicit port: default to 443
        return domain_with_port, 443
    host, port_text = domain_with_port.split(':')
    return host, int(port_text)
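if __name__ == "__main__":
    # Entry point: load the config, check every listed endpoint, and alert
    # through DingTalk on certificates close to expiry or on check failures.
    import argparse
    from datetime import timezone

    # Honour --config-file so the script also works when started from another
    # working directory (for example from cron).
    parser = argparse.ArgumentParser(
        description="Check TLS certificate expiry and alert through DingTalk"
    )
    parser.add_argument("--config-file", default="config.json",
                        help="path to the JSON configuration file")
    args = parser.parse_args()

    # Load settings from the configuration file
    with open(args.config_file, 'r', encoding="utf-8") as config_file:
        config = json.load(config_file)
    dingtalk_webhook = config.get("dingtalk-webhook")
    secret = config.get("secret")
    # A missing "domains" key means nothing to check, not a crash
    domains = config.get("domains") or []
    for domain_with_port in domains:
        try:
            domain, port = parse_domain_and_port(domain_with_port)
        except ValueError:
            # One malformed entry must not stop the remaining checks
            error_message = f"Invalid domain entry in config: {domain_with_port!r}"
            print(error_message)
            send_dingtalk_message(dingtalk_webhook, secret, error_message)
            continue
        try:
            expiration_date = get_ssl_cert_expiration(domain, port)
            # notAfter is expressed in GMT, so compare against UTC rather than
            # local time; tzinfo is dropped because expiration_date is naive.
            current_date = datetime.now(timezone.utc).replace(tzinfo=None)
            days_remaining = (expiration_date - current_date).days
            print(f"SSL certificate for {domain} (port {port}) expires on {expiration_date}")
            print(f"Days remaining: {days_remaining} days")
            if days_remaining < 10:
                message = f"SSL certificate for {domain} (port {port}) will expire on {expiration_date}. Only {days_remaining} days remaining."
                send_dingtalk_message(dingtalk_webhook, secret, message)
        except Exception as e:
            # A failed check is itself worth an alert: the endpoint may be
            # down or serving an invalid certificate.
            error_message = f"Failed to retrieve SSL certificate for {domain} (port {port}). Error: {str(e)}"
            print(error_message)
            send_dingtalk_message(dingtalk_webhook, secret, error_message)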
3、执行命令
bash
/usr/bin/python3 /root/ssl/ssl_spirtime_check.py --config-file /root/ssl/config.json