{"id":28411533,"url":"https://github.com/forwardemail/sslmonitor.com","last_synced_at":"2025-07-06T17:04:32.254Z","repository":{"id":287456706,"uuid":"961965379","full_name":"forwardemail/sslmonitor.com","owner":"forwardemail","description":"Never miss an SSL certificate expiration again. Get timely alerts, monitor certificate status, and ensure continuous website security with our SSL monitoring solution.","archived":false,"fork":false,"pushed_at":"2025-04-07T20:57:25.000Z","size":2569,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-22T06:16:24.331Z","etag":null,"topics":["alerting","alerts","automated","certificate","check","checker","cron","cronjob","crontab","expiration","expiry","monitor","monitoring","security","solution","ssl","status","website"],"latest_commit_sha":null,"homepage":"http://sslmonitor.com/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/forwardemail.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-07T12:53:54.000Z","updated_at":"2025-04-07T20:57:29.000Z","dependencies_parsed_at":"2025-04-11T20:58:43.477Z","dependency_job_id":null,"html_url":"https://github.com/forwardemail/sslmonitor.com","commit_stats":null,"previous_names":["forwardemail/sslmonitor.com"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/forwardemail/sslmonitor.com","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forwardemail%2Fsslmonitor.com","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forwardemail%2Fsslmonitor.com/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forwardemail%2Fsslmonitor.com/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forwardemail%2Fsslmonitor.com/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/forwardemail","download_url":"https://codeload.github.com/forwardemail/sslmonitor.com/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forwardemail%2Fsslmonitor.com/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261575623,"owners_count":23179553,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alerting","alerts","automated","certificate","check","checker","cron","cronjob","crontab","expiration","expiry","monitor","monitoring","security","solution","ssl","status","website"],"created_at":"2025-06-02T16:20:11.142Z","updated_at":"2025-06-23T23:31:36.448Z","avatar_url":"https://github.com/forwardemail.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# SSL Certificate Monitoring | Expiry Alerts \u0026 Certificate Management\n\n## Never Miss an SSL Certificate Expiration Again\n\nAutomated monitoring, timely alerts, and comprehensive certificate management to keep your websites secure and your users protected.\n\n[Get Started](https://forwardemail.net) | [Learn About Forward Email](https://forwardemail.net)\n\n## Comprehensive SSL Certificate Monitoring\n\n### Automated Monitoring\nSet up continuous monitoring of all your SSL certificates across multiple domains and servers with minimal configuration.\n\n### Expiration Alerts\nReceive timely notifications before certificates expire, with customizable warning thresholds to prevent service disruptions.\n\n### Detailed Reporting\nGet comprehensive reports on certificate status, expiration dates, and potential security issues across your infrastructure.\n\n### Security Validation\nVerify certificate validity, encryption strength, and protocol compliance to maintain the highest security standards.\n\n## Why Monitor SSL Certificates?\n\n### Prevent Service Disruptions\nExpired SSL certificates cause browser warnings and block access to your websites, resulting in lost traffic and revenue. According to a [GlobalSign study](https://www.globalsign.com/en/blog/ssl-certificate-expiration-consequences), 65% of organizations have experienced outages due to expired certificates.\n\n### Maintain Customer Trust\nSecurity warnings damage your brand reputation and erode customer confidence. Research by [SSL.com](https://www.ssl.com/article/ssl-certificate-management-best-practices/) shows that 84% of users would abandon a purchase if they saw a security warning.\n\n### Ensure Compliance\nMany regulatory frameworks like PCI DSS, HIPAA, and GDPR require proper certificate management. Automated monitoring helps maintain compliance and avoid penalties.\n\n### Reduce Administrative Overhead\nManual certificate tracking is time-consuming and error-prone. Automated monitoring saves IT staff time and reduces the risk of human error.\n\n## Easy Implementation with Forward Email\n\n### Ready-to-Use SSL Certificate Monitoring Script\n\nBelow is a complete, production-ready Bash script for monitoring SSL certificate expiration dates and sending alerts via Forward Email. This script can be easily customized to fit your specific security requirements.\n\n```bash\n#!/bin/bash\n# SSL Certificate Monitor Script\n# This script monitors SSL certificate expiration dates and sends alerts via Forward Email\n# Usage: Place in /usr/local/bin/ and add to crontab to run daily\n# Example crontab entry: 0 8 * * * /usr/local/bin/ssl_monitor.sh\n\n# Configuration\nEMAIL_TO=\"admin@yourdomain.com\"\nEMAIL_FROM=\"ssl-alerts@yourdomain.com\"\nFORWARD_EMAIL_API_KEY=\"your_api_key_here\" # Get from https://forwardemail.net/my-account/security\nDOMAINS_FILE=\"/etc/ssl_monitor/domains.txt\" # One domain per line\nWARNING_DAYS=30 # Send warning when certificate expires in less than this many days\nCRITICAL_DAYS=7 # Send critical alert when certificate expires in less than this many days\nLOG_FILE=\"/var/log/ssl_monitor.log\"\n\n# Create config directory and domains file if they don't exist\nmkdir -p /etc/ssl_monitor\nif [ ! -f \"$DOMAINS_FILE\" ]; then\n    echo \"# Add domains to monitor, one per line\" \u003e \"$DOMAINS_FILE\"\n    echo \"example.com\" \u003e\u003e \"$DOMAINS_FILE\"\n    echo \"mail.example.com\" \u003e\u003e \"$DOMAINS_FILE\"\nfi\n\n# Function to send email via Forward Email HTTP API\nsend_email_api() {\n    local subject=\"$1\"\n    local body=\"$2\"\n\n    curl -X POST \"https://api.forwardemail.net/v1/emails\" \\\n      -H \"Content-Type: application/json\" \\\n      -u \"$FORWARD_EMAIL_API_KEY:\" \\\n      -d '{\n        \"from\": \"'\"$EMAIL_FROM\"'\",\n        \"to\": \"'\"$EMAIL_TO\"'\",\n        \"subject\": \"'\"$subject\"'\",\n        \"html\": \"'\"$body\"'\",\n        \"text\": \"'\"$body\"'\"\n      }'\n\n    echo \"Alert email sent via API at $(date)\" \u003e\u003e \"$LOG_FILE\"\n}\n\n# Function to send email via sendmail (SMTP)\nsend_email_smtp() {\n    local subject=\"$1\"\n    local body=\"$2\"\n\n    echo -e \"Subject: $subject\\nFrom: $EMAIL_FROM\\nTo: $EMAIL_TO\\nContent-Type: text/html\\n\\n$body\" | \\\n    sendmail -t\n\n    echo \"Alert email sent via SMTP at $(date)\" \u003e\u003e \"$LOG_FILE\"\n}\n\n# Function to check SSL certificate expiration\ncheck_certificate() {\n    local domain=\"$1\"\n    local expiry_date=\"\"\n    local days_left=0\n    local status=\"OK\"\n    local error_message=\"\"\n\n    # Get certificate expiration date\n    expiry_date=$(echo | openssl s_client -servername \"$domain\" -connect \"$domain\":443 2\u003e/dev/null | \\\n                 openssl x509 -noout -enddate 2\u003e/dev/null | \\\n                 sed -e 's/notAfter=//')\n\n    if [ -z \"$expiry_date\" ]; then\n        status=\"ERROR\"\n        error_message=\"Could not retrieve certificate for $domain\"\n        days_left=0\n    else\n        # Convert expiry date to seconds since epoch\n        expiry_seconds=$(date -d \"$expiry_date\" +%s)\n        current_seconds=$(date +%s)\n\n        # Calculate days left\n        seconds_left=$((expiry_seconds - current_seconds))\n        days_left=$((seconds_left / 86400))\n\n        # Determine status\n        if [ $days_left -lt $CRITICAL_DAYS ]; then\n            status=\"CRITICAL\"\n        elif [ $days_left -lt $WARNING_DAYS ]; then\n            status=\"WARNING\"\n        fi\n    fi\n\n    # Return results\n    echo \"$domain|$expiry_date|$days_left|$status|$error_message\"\n}\n\n# Initialize HTML report\nHTML_REPORT=\"\u003ch2\u003eSSL Certificate Monitoring Report\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eDate:\u003c/strong\u003e $(date)\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eServer:\u003c/strong\u003e $(hostname)\u003c/p\u003e\n\u003ctable border='1' cellpadding='5' cellspacing='0' style='border-collapse: collapse;'\u003e\n\u003ctr style='background-color: #f2f2f2;'\u003e\n  \u003cth\u003eDomain\u003c/th\u003e\n  \u003cth\u003eExpiry Date\u003c/th\u003e\n  \u003cth\u003eDays Left\u003c/th\u003e\n  \u003cth\u003eStatus\u003c/th\u003e\n\u003c/tr\u003e\"\n\n# Check each domain\nALERT_NEEDED=false\nwhile read -r domain || [ -n \"$domain\" ]; do\n    # Skip comments and empty lines\n    [[ \"$domain\" =~ ^#.*$ || -z \"$domain\" ]] \u0026\u0026 continue\n\n    echo \"Checking certificate for $domain...\" \u003e\u003e \"$LOG_FILE\"\n\n    # Get certificate info\n    cert_info=$(check_certificate \"$domain\")\n\n    # Parse results\n    domain_name=$(echo \"$cert_info\" | cut -d'|' -f1)\n    expiry_date=$(echo \"$cert_info\" | cut -d'|' -f2)\n    days_left=$(echo \"$cert_info\" | cut -d'|' -f3)\n    status=$(echo \"$cert_info\" | cut -d'|' -f4)\n    error_message=$(echo \"$cert_info\" | cut -d'|' -f5)\n\n    # Set row color based on status\n    row_color=\"#ffffff\" # Default white\n    if [ \"$status\" = \"WARNING\" ]; then\n        row_color=\"#fff3cd\" # Light yellow\n        ALERT_NEEDED=true\n    elif [ \"$status\" = \"CRITICAL\" ]; then\n        row_color=\"#f8d7da\" # Light red\n        ALERT_NEEDED=true\n    elif [ \"$status\" = \"ERROR\" ]; then\n        row_color=\"#f8d7da\" # Light red\n        ALERT_NEEDED=true\n    fi\n\n    # Add to HTML report\n    HTML_REPORT+=\"\u003ctr style='background-color: $row_color;'\u003e\n  \u003ctd\u003e$domain_name\u003c/td\u003e\n  \u003ctd\u003e$expiry_date\u003c/td\u003e\n  \u003ctd\u003e$days_left\u003c/td\u003e\n  \u003ctd\u003e$status\u003c/td\u003e\n\u003c/tr\u003e\"\n\n    # Log results\n    echo \"$domain: $status - Expires: $expiry_date ($days_left days left)\" \u003e\u003e \"$LOG_FILE\"\n\n    if [ -n \"$error_message\" ]; then\n        echo \"  Error: $error_message\" \u003e\u003e \"$LOG_FILE\"\n    fi\n\ndone \u003c \"$DOMAINS_FILE\"\n\n# Complete HTML report\nHTML_REPORT+=\"\u003c/table\u003e\n\u003cp style='margin-top: 20px;'\u003e\u003cem\u003eThis is an automated alert from your SSL certificate monitoring system.\u003c/em\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e It is recommended to renew certificates at least 14 days before expiration.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eRenewal Instructions:\u003c/strong\u003e\u003c/p\u003e\n\u003col\u003e\n  \u003cli\u003eFor Let's Encrypt certificates: Run \u003ccode\u003ecertbot renew\u003c/code\u003e\u003c/li\u003e\n  \u003cli\u003eFor other certificates: Contact your certificate provider or generate a new CSR\u003c/li\u003e\n\u003c/ol\u003e\"\n\n# Send alert if needed\nif [ \"$ALERT_NEEDED\" = true ]; then\n    EMAIL_SUBJECT=\"SSL Certificate Alert: $(hostname) - $(date +%Y-%m-%d)\"\n\n    # Uncomment one of these methods based on your preference:\n    send_email_api \"$EMAIL_SUBJECT\" \"$HTML_REPORT\"\n    # send_email_smtp \"$EMAIL_SUBJECT\" \"$HTML_REPORT\"\n\n    echo \"Alert sent due to expiring certificates\" \u003e\u003e \"$LOG_FILE\"\nelse\n    echo \"No alerts needed, all certificates are valid\" \u003e\u003e \"$LOG_FILE\"\nfi\n\nexit 0\n```\n\n### Installation Steps\n\n1. **Create the Script File**\n   ```bash\n   sudo nano /usr/local/bin/ssl_monitor.sh\n   ```\n   Copy and paste the script above, then save the file.\n\n2. **Make the Script Executable**\n   ```bash\n   sudo chmod +x /usr/local/bin/ssl_monitor.sh\n   ```\n\n3. **Configure the Script**\n   Update the email addresses and API key in the script configuration section.\n\n4. **Create Domains List**\n   ```bash\n   sudo mkdir -p /etc/ssl_monitor\n   sudo nano /etc/ssl_monitor/domains.txt\n   ```\n   Add your domains, one per line.\n\n5. **Set Up Scheduled Monitoring**\n   ```bash\n   sudo crontab -e\n   ```\n   Add the following line to run the script daily at 8 AM:\n   ```\n   0 8 * * * /usr/local/bin/ssl_monitor.sh\n   ```\n\n6. **Test the Script**\n   ```bash\n   sudo /usr/local/bin/ssl_monitor.sh\n   ```\n\n## Best Practices for SSL Certificate Management\n\n### Centralized Inventory\nMaintain a central inventory of all certificates, their locations, and expiration dates.\n\n### Standardized Renewal Process\nEstablish a standardized process for certificate renewal to ensure consistency and reduce errors.\n\n### Automated Renewal\nWhere possible, implement automated renewal using services like Let's Encrypt and certbot.\n\n### Certificate Authority Monitoring\nMonitor your Certificate Authority for security issues or policy changes that might affect your certificates.\n\n### Regular Audits\nConduct regular audits of your SSL infrastructure to identify unauthorized or forgotten certificates.\n\n## Resources\n\n### GitHub Repository\nAccess the full SSL monitoring script and additional security tools on our [GitHub repository](https://github.com/forwardemail/ssl-monitoring-tools).\n\n### Documentation\nComprehensive documentation on SSL certificate management best practices is available in our [knowledge base](https://forwardemail.net/guides).\n\n### Community Support\nJoin our community forum to discuss SSL security, share experiences, and get help with implementation.\n\n## Ready to Secure Your Websites?\n\nStart monitoring your SSL certificates today with our easy-to-implement solution.\n\n[Get Started with Forward Email](https://forwardemail.net) | [View Documentation](https://forwardemail.net/guides)\n\n## Citations \u0026 References\n\n1. GlobalSign. (2024). *SSL Certificate Expiration Consequences*. Retrieved April 5, 2025, from [https://www.globalsign.com/en/blog/ssl-certificate-expiration-consequences](https://www.globalsign.com/en/blog/ssl-certificate-expiration-consequences)\n2. SSL.com. (2024). *SSL Certificate Management Best Practices*. Retrieved April 5, 2025, from [https://www.ssl.com/article/ssl-certificate-management-best-practices/](https://www.ssl.com/article/ssl-certificate-management-best-practices/)\n3. Let's Encrypt. (2025). *Certificate Automation Guide*. Retrieved April 5, 2025, from [https://letsencrypt.org/docs/](https://letsencrypt.org/docs/)\n4. Forward Email. (2025). *Email API Documentation*. Retrieved April 5, 2025, from [https://forwardemail.net/email-api](https://forwardemail.net/email-api)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fforwardemail%2Fsslmonitor.com","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fforwardemail%2Fsslmonitor.com","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fforwardemail%2Fsslmonitor.com/lists"}