Scripts to Help Manage TLS Certs Across Multiple Domains

Some years ago I created a pair of scripts for keeping track of the multiple domain names I manage at work. The first is called chkcertexpiry, which takes a list of FQDNs and live-checks the certificates for each, primarily to make sure they aren't expiring soon, but it also checks a couple of other things. I included the issuer name from the start because how I handle expiries depends on whether it's Let's Encrypt (I rarely have to do anything about these, but if they don't auto-renew I'll log into the machine and find out what's wrong with the setup about a week before expiry) or an "official" cert (in which case I need about a month's lead time because of local bureaucracy). The script colour-highlights any expiry date that's "soon" (how soon is settable via a switch) and uses another colour to highlight problems with the host (unable to connect, unable to retrieve certificate).

The second script is tlsdetails, which takes a single FQDN and outputs a number of details about the certificate and the connection to the host.

[Screenshot: output of chkcertexpiry checking multiple FQDNs and tlsdetails checking www.google.ca]
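The issuer-dependent "soon" check described above can be sketched in Python as follows. This is an added example, not code from robotface-utils; the function names, the 7-day and 30-day thresholds, and the sample certificates are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumed lead times in days: about a week for Let's Encrypt, a month otherwise.
LEAD_DAYS = {"Let's Encrypt": 7}
DEFAULT_LEAD_DAYS = 30
# Constructed sample certificates in the dict shape getpeercert() returns.
SAMPLE = {
    "le.example": {"issuer": ((("organizationName", "Let's Encrypt"),),),
                   "notAfter": "Jan 20 00:00:00 2024 GMT"},
    "ca.example": {"issuer": ((("organizationName", "Example CA"),),),
                   "notAfter": "Jan 20 00:00:00 2024 GMT"},
}

def fetch_cert(fqdn, port=443, timeout=5.0):
    """Live-fetch the validated peer certificate as a getpeercert() dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((fqdn, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            return tls.getpeercert()

def issuer_org(cert):
    """Extract organizationName from the nested issuer RDN tuples."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return "unknown"

def classify(cert, now):
    """Return (status, issuer, days_left) with status OK or SOON."""
    issuer = issuer_org(cert)
    expiry = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expiry - now).days
    lead = LEAD_DAYS.get(issuer, DEFAULT_LEAD_DAYS)
    return ("SOON" if days_left <= lead else "OK", issuer, days_left)

def check(fqdns, now=None, fetch=fetch_cert):
    """Check each FQDN; connection or verification failures become ERROR rows."""
    now = now or datetime.now(timezone.utc)
    rows = []
    for fqdn in fqdns:
        try:
            rows.append((fqdn, *classify(fetch(fqdn), now)))
        except (OSError, KeyError) as exc:  # ssl.SSLError subclasses OSError
            rows.append((fqdn, "ERROR", type(exc).__name__, None))
    return rows

if __name__ == "__main__":  # offline demo on the constructed sample
    fixed_now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for row in check(["le.example", "ca.example", "missing.example"],
                     now=fixed_now, fetch=SAMPLE.__getitem__):
        print(*row)
```

Because `fetch_cert` uses the default verifying context, a certificate that has already expired fails the handshake and shows up as an ERROR row with the exception name, not as a negative day count.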

A friend on one of my technical mailing lists mentioned that these sounded generally useful and I should give a talk to our group about them. As I've found these scripts very useful for years, a public release of the software sounded like a good idea. My bosses at Toronto Public Library have kindly agreed to allow me to do this, with at least one of them being openly enthusiastic about the idea (which I think is the correct attitude; we are, after all, publicly funded).

As I've prepared the scripts for release, I've been finding that every time I look at them I see something that can be improved, or a new feature that needs to be added. But ... they work NOW, and if I don't announce them this improvement process can stretch out forever and no one will ever see the scripts. So let's get it done ...

I'm pleased to make available robotface-utils (the README has notes about the naming if you're curious). Please tell your friends who administer multiple domain names.