https://github.com/forwardemail/sslmonitor.com
Never miss an SSL certificate expiration again. Get timely alerts, monitor certificate status, and ensure continuous website security with our SSL monitoring solution.
https://github.com/forwardemail/sslmonitor.com
alerting alerts automated certificate check checker cron cronjob crontab expiration expiry monitor monitoring security solution ssl status website
Last synced: 12 months ago
JSON representation
Never miss an SSL certificate expiration again. Get timely alerts, monitor certificate status, and ensure continuous website security with our SSL monitoring solution.
- Host: GitHub
- URL: https://github.com/forwardemail/sslmonitor.com
- Owner: forwardemail
- Created: 2025-04-07T12:53:54.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-04-07T20:57:25.000Z (about 1 year ago)
- Last Synced: 2025-06-22T06:16:24.331Z (about 1 year ago)
- Topics: alerting, alerts, automated, certificate, check, checker, cron, cronjob, crontab, expiration, expiry, monitor, monitoring, security, solution, ssl, status, website
- Language: JavaScript
- Homepage: http://sslmonitor.com/
- Size: 2.45 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# SSL Certificate Monitoring | Expiry Alerts & Certificate Management
## Never Miss an SSL Certificate Expiration Again
Automated monitoring, timely alerts, and comprehensive certificate management to keep your websites secure and your users protected.
[Get Started](https://forwardemail.net) | [Learn About Forward Email](https://forwardemail.net)
## Comprehensive SSL Certificate Monitoring
### Automated Monitoring
Set up continuous monitoring of all your SSL certificates across multiple domains and servers with minimal configuration.
### Expiration Alerts
Receive timely notifications before certificates expire, with customizable warning thresholds to prevent service disruptions.
### Detailed Reporting
Get comprehensive reports on certificate status, expiration dates, and potential security issues across your infrastructure.
### Security Validation
Verify certificate validity, encryption strength, and protocol compliance to maintain the highest security standards.
## Why Monitor SSL Certificates?
### Prevent Service Disruptions
Expired SSL certificates cause browser warnings and block access to your websites, resulting in lost traffic and revenue. According to a [GlobalSign study](https://www.globalsign.com/en/blog/ssl-certificate-expiration-consequences), 65% of organizations have experienced outages due to expired certificates.
### Maintain Customer Trust
Security warnings damage your brand reputation and erode customer confidence. Research by [SSL.com](https://www.ssl.com/article/ssl-certificate-management-best-practices/) shows that 84% of users would abandon a purchase if they saw a security warning.
### Ensure Compliance
Many regulatory frameworks like PCI DSS, HIPAA, and GDPR require proper certificate management. Automated monitoring helps maintain compliance and avoid penalties.
### Reduce Administrative Overhead
Manual certificate tracking is time-consuming and error-prone. Automated monitoring saves IT staff time and reduces the risk of human error.
## Easy Implementation with Forward Email
### Ready-to-Use SSL Certificate Monitoring Script
Below is a complete, production-ready Bash script for monitoring SSL certificate expiration dates and sending alerts via Forward Email. This script can be easily customized to fit your specific security requirements.
```bash
#!/bin/bash
# SSL Certificate Monitor Script
# This script monitors SSL certificate expiration dates and sends alerts via Forward Email
# Usage: Place in /usr/local/bin/ and add to crontab to run daily
# Example crontab entry: 0 8 * * * /usr/local/bin/ssl_monitor.sh
# Configuration
EMAIL_TO="admin@yourdomain.com"
EMAIL_FROM="ssl-alerts@yourdomain.com"
FORWARD_EMAIL_API_KEY="your_api_key_here" # Get from https://forwardemail.net/my-account/security
DOMAINS_FILE="/etc/ssl_monitor/domains.txt" # One domain per line
WARNING_DAYS=30 # Send warning when certificate expires in less than this many days
CRITICAL_DAYS=7 # Send critical alert when certificate expires in less than this many days
LOG_FILE="/var/log/ssl_monitor.log"
# Create config directory and domains file if they don't exist
mkdir -p /etc/ssl_monitor
if [ ! -f "$DOMAINS_FILE" ]; then
echo "# Add domains to monitor, one per line" > "$DOMAINS_FILE"
echo "example.com" >> "$DOMAINS_FILE"
echo "mail.example.com" >> "$DOMAINS_FILE"
fi
# Function to send email via Forward Email HTTP API
send_email_api() {
local subject="$1"
local body="$2"
curl -X POST "https://api.forwardemail.net/v1/emails" \
-H "Content-Type: application/json" \
-u "$FORWARD_EMAIL_API_KEY:" \
-d '{
"from": "'"$EMAIL_FROM"'",
"to": "'"$EMAIL_TO"'",
"subject": "'"$subject"'",
"html": "'"$body"'",
"text": "'"$body"'"
}'
echo "Alert email sent via API at $(date)" >> "$LOG_FILE"
}
# Function to send email via sendmail (SMTP)
send_email_smtp() {
local subject="$1"
local body="$2"
echo -e "Subject: $subject\nFrom: $EMAIL_FROM\nTo: $EMAIL_TO\nContent-Type: text/html\n\n$body" | \
sendmail -t
echo "Alert email sent via SMTP at $(date)" >> "$LOG_FILE"
}
# Function to check SSL certificate expiration
check_certificate() {
local domain="$1"
local expiry_date=""
local days_left=0
local status="OK"
local error_message=""
# Get certificate expiration date
expiry_date=$(echo | openssl s_client -servername "$domain" -connect "$domain":443 2>/dev/null | \
openssl x509 -noout -enddate 2>/dev/null | \
sed -e 's/notAfter=//')
if [ -z "$expiry_date" ]; then
status="ERROR"
error_message="Could not retrieve certificate for $domain"
days_left=0
else
# Convert expiry date to seconds since epoch
expiry_seconds=$(date -d "$expiry_date" +%s)
current_seconds=$(date +%s)
# Calculate days left
seconds_left=$((expiry_seconds - current_seconds))
days_left=$((seconds_left / 86400))
# Determine status
if [ $days_left -lt $CRITICAL_DAYS ]; then
status="CRITICAL"
elif [ $days_left -lt $WARNING_DAYS ]; then
status="WARNING"
fi
fi
# Return results
echo "$domain|$expiry_date|$days_left|$status|$error_message"
}
# Initialize HTML report
HTML_REPORT="
SSL Certificate Monitoring Report
Date: $(date)
Server: $(hostname)
Domain
Expiry Date
Days Left
Status
"
# Check each domain
ALERT_NEEDED=false
while read -r domain || [ -n "$domain" ]; do
# Skip comments and empty lines
[[ "$domain" =~ ^#.*$ || -z "$domain" ]] && continue
echo "Checking certificate for $domain..." >> "$LOG_FILE"
# Get certificate info
cert_info=$(check_certificate "$domain")
# Parse results
domain_name=$(echo "$cert_info" | cut -d'|' -f1)
expiry_date=$(echo "$cert_info" | cut -d'|' -f2)
days_left=$(echo "$cert_info" | cut -d'|' -f3)
status=$(echo "$cert_info" | cut -d'|' -f4)
error_message=$(echo "$cert_info" | cut -d'|' -f5)
# Set row color based on status
row_color="#ffffff" # Default white
if [ "$status" = "WARNING" ]; then
row_color="#fff3cd" # Light yellow
ALERT_NEEDED=true
elif [ "$status" = "CRITICAL" ]; then
row_color="#f8d7da" # Light red
ALERT_NEEDED=true
elif [ "$status" = "ERROR" ]; then
row_color="#f8d7da" # Light red
ALERT_NEEDED=true
fi
# Add to HTML report
HTML_REPORT+="
$domain_name
$expiry_date
$days_left
$status
"
# Log results
echo "$domain: $status - Expires: $expiry_date ($days_left days left)" >> "$LOG_FILE"
if [ -n "$error_message" ]; then
echo " Error: $error_message" >> "$LOG_FILE"
fi
done < "$DOMAINS_FILE"
# Complete HTML report
HTML_REPORT+="
This is an automated alert from your SSL certificate monitoring system.
Note: It is recommended to renew certificates at least 14 days before expiration.
Renewal Instructions:
- For Let's Encrypt certificates: Run
certbot renew
- For other certificates: Contact your certificate provider or generate a new CSR
"
# Send alert if needed
if [ "$ALERT_NEEDED" = true ]; then
EMAIL_SUBJECT="SSL Certificate Alert: $(hostname) - $(date +%Y-%m-%d)"
# Uncomment one of these methods based on your preference:
send_email_api "$EMAIL_SUBJECT" "$HTML_REPORT"
# send_email_smtp "$EMAIL_SUBJECT" "$HTML_REPORT"
echo "Alert sent due to expiring certificates" >> "$LOG_FILE"
else
echo "No alerts needed, all certificates are valid" >> "$LOG_FILE"
fi
exit 0
```
### Installation Steps
1. **Create the Script File**
```bash
sudo nano /usr/local/bin/ssl_monitor.sh
```
Copy and paste the script above, then save the file.
2. **Make the Script Executable**
```bash
sudo chmod +x /usr/local/bin/ssl_monitor.sh
```
3. **Configure the Script**
Update the email addresses and API key in the script configuration section.
4. **Create Domains List**
```bash
sudo mkdir -p /etc/ssl_monitor
sudo nano /etc/ssl_monitor/domains.txt
```
Add your domains, one per line.
5. **Set Up Scheduled Monitoring**
```bash
sudo crontab -e
```
Add the following line to run the script daily at 8 AM:
```
0 8 * * * /usr/local/bin/ssl_monitor.sh
```
6. **Test the Script**
```bash
sudo /usr/local/bin/ssl_monitor.sh
```
## Best Practices for SSL Certificate Management
### Centralized Inventory
Maintain a central inventory of all certificates, their locations, and expiration dates.
### Standardized Renewal Process
Establish a standardized process for certificate renewal to ensure consistency and reduce errors.
### Automated Renewal
Where possible, implement automated renewal using services like Let's Encrypt and certbot.
### Certificate Authority Monitoring
Monitor your Certificate Authority for security issues or policy changes that might affect your certificates.
### Regular Audits
Conduct regular audits of your SSL infrastructure to identify unauthorized or forgotten certificates.
## Resources
### GitHub Repository
Access the full SSL monitoring script and additional security tools on our [GitHub repository](https://github.com/forwardemail/ssl-monitoring-tools).
### Documentation
Comprehensive documentation on SSL certificate management best practices is available in our [knowledge base](https://forwardemail.net/guides).
### Community Support
Join our community forum to discuss SSL security, share experiences, and get help with implementation.
## Ready to Secure Your Websites?
Start monitoring your SSL certificates today with our easy-to-implement solution.
[Get Started with Forward Email](https://forwardemail.net) | [View Documentation](https://forwardemail.net/guides)
## Citations & References
1. GlobalSign. (2024). *SSL Certificate Expiration Consequences*. Retrieved April 5, 2025, from [https://www.globalsign.com/en/blog/ssl-certificate-expiration-consequences](https://www.globalsign.com/en/blog/ssl-certificate-expiration-consequences)
2. SSL.com. (2024). *SSL Certificate Management Best Practices*. Retrieved April 5, 2025, from [https://www.ssl.com/article/ssl-certificate-management-best-practices/](https://www.ssl.com/article/ssl-certificate-management-best-practices/)
3. Let's Encrypt. (2025). *Certificate Automation Guide*. Retrieved April 5, 2025, from [https://letsencrypt.org/docs/](https://letsencrypt.org/docs/)
4. Forward Email. (2025). *Email API Documentation*. Retrieved April 5, 2025, from [https://forwardemail.net/email-api](https://forwardemail.net/email-api)