An open API service indexing awesome lists of open source software.

https://github.com/forwardemail/sslmonitor.com

Never miss an SSL certificate expiration again. Get timely alerts, monitor certificate status, and ensure continuous website security with our SSL monitoring solution.
https://github.com/forwardemail/sslmonitor.com

alerting alerts automated certificate check checker cron cronjob crontab expiration expiry monitor monitoring security solution ssl status website

Last synced: 12 months ago
JSON representation

Never miss an SSL certificate expiration again. Get timely alerts, monitor certificate status, and ensure continuous website security with our SSL monitoring solution.

Awesome Lists containing this project

README

          

# SSL Certificate Monitoring | Expiry Alerts & Certificate Management

## Never Miss an SSL Certificate Expiration Again

Automated monitoring, timely alerts, and comprehensive certificate management to keep your websites secure and your users protected.

[Get Started](https://forwardemail.net) | [Learn About Forward Email](https://forwardemail.net)

## Comprehensive SSL Certificate Monitoring

### Automated Monitoring
Set up continuous monitoring of all your SSL certificates across multiple domains and servers with minimal configuration.

### Expiration Alerts
Receive timely notifications before certificates expire, with customizable warning thresholds to prevent service disruptions.

### Detailed Reporting
Get comprehensive reports on certificate status, expiration dates, and potential security issues across your infrastructure.

### Security Validation
Verify certificate validity, encryption strength, and protocol compliance to maintain the highest security standards.

## Why Monitor SSL Certificates?

### Prevent Service Disruptions
Expired SSL certificates cause browser warnings and block access to your websites, resulting in lost traffic and revenue. According to a [GlobalSign study](https://www.globalsign.com/en/blog/ssl-certificate-expiration-consequences), 65% of organizations have experienced outages due to expired certificates.

### Maintain Customer Trust
Security warnings damage your brand reputation and erode customer confidence. Research by [SSL.com](https://www.ssl.com/article/ssl-certificate-management-best-practices/) shows that 84% of users would abandon a purchase if they saw a security warning.

### Ensure Compliance
Many regulatory frameworks like PCI DSS, HIPAA, and GDPR require proper certificate management. Automated monitoring helps maintain compliance and avoid penalties.

### Reduce Administrative Overhead
Manual certificate tracking is time-consuming and error-prone. Automated monitoring saves IT staff time and reduces the risk of human error.

## Easy Implementation with Forward Email

### Ready-to-Use SSL Certificate Monitoring Script

Below is a complete, production-ready Bash script for monitoring SSL certificate expiration dates and sending alerts via Forward Email. This script can be easily customized to fit your specific security requirements.

```bash
#!/bin/bash
# SSL Certificate Monitor Script
# This script monitors SSL certificate expiration dates and sends alerts via Forward Email
# Usage: Place in /usr/local/bin/ and add to crontab to run daily
# Example crontab entry: 0 8 * * * /usr/local/bin/ssl_monitor.sh

# Configuration
EMAIL_TO="admin@yourdomain.com"
EMAIL_FROM="ssl-alerts@yourdomain.com"
FORWARD_EMAIL_API_KEY="your_api_key_here" # Get from https://forwardemail.net/my-account/security
DOMAINS_FILE="/etc/ssl_monitor/domains.txt" # One domain per line
WARNING_DAYS=30 # Send warning when certificate expires in less than this many days
CRITICAL_DAYS=7 # Send critical alert when certificate expires in less than this many days
LOG_FILE="/var/log/ssl_monitor.log"

# Create config directory and domains file if they don't exist
mkdir -p /etc/ssl_monitor
if [ ! -f "$DOMAINS_FILE" ]; then
echo "# Add domains to monitor, one per line" > "$DOMAINS_FILE"
echo "example.com" >> "$DOMAINS_FILE"
echo "mail.example.com" >> "$DOMAINS_FILE"
fi

# Function to send email via Forward Email HTTP API
send_email_api() {
local subject="$1"
local body="$2"

curl -X POST "https://api.forwardemail.net/v1/emails" \
-H "Content-Type: application/json" \
-u "$FORWARD_EMAIL_API_KEY:" \
-d '{
"from": "'"$EMAIL_FROM"'",
"to": "'"$EMAIL_TO"'",
"subject": "'"$subject"'",
"html": "'"$body"'",
"text": "'"$body"'"
}'

echo "Alert email sent via API at $(date)" >> "$LOG_FILE"
}

# Function to send email via sendmail (SMTP)
send_email_smtp() {
local subject="$1"
local body="$2"

echo -e "Subject: $subject\nFrom: $EMAIL_FROM\nTo: $EMAIL_TO\nContent-Type: text/html\n\n$body" | \
sendmail -t

echo "Alert email sent via SMTP at $(date)" >> "$LOG_FILE"
}

# Function to check SSL certificate expiration
check_certificate() {
local domain="$1"
local expiry_date=""
local days_left=0
local status="OK"
local error_message=""

# Get certificate expiration date
expiry_date=$(echo | openssl s_client -servername "$domain" -connect "$domain":443 2>/dev/null | \
openssl x509 -noout -enddate 2>/dev/null | \
sed -e 's/notAfter=//')

if [ -z "$expiry_date" ]; then
status="ERROR"
error_message="Could not retrieve certificate for $domain"
days_left=0
else
# Convert expiry date to seconds since epoch
expiry_seconds=$(date -d "$expiry_date" +%s)
current_seconds=$(date +%s)

# Calculate days left
seconds_left=$((expiry_seconds - current_seconds))
days_left=$((seconds_left / 86400))

# Determine status
if [ $days_left -lt $CRITICAL_DAYS ]; then
status="CRITICAL"
elif [ $days_left -lt $WARNING_DAYS ]; then
status="WARNING"
fi
fi

# Return results
echo "$domain|$expiry_date|$days_left|$status|$error_message"
}

# Initialize HTML report
HTML_REPORT="

SSL Certificate Monitoring Report


Date: $(date)


Server: $(hostname)

Domain
Expiry Date
Days Left
Status
"

# Check each domain
ALERT_NEEDED=false
while read -r domain || [ -n "$domain" ]; do
# Skip comments and empty lines
[[ "$domain" =~ ^#.*$ || -z "$domain" ]] && continue

echo "Checking certificate for $domain..." >> "$LOG_FILE"

# Get certificate info
cert_info=$(check_certificate "$domain")

# Parse results
domain_name=$(echo "$cert_info" | cut -d'|' -f1)
expiry_date=$(echo "$cert_info" | cut -d'|' -f2)
days_left=$(echo "$cert_info" | cut -d'|' -f3)
status=$(echo "$cert_info" | cut -d'|' -f4)
error_message=$(echo "$cert_info" | cut -d'|' -f5)

# Set row color based on status
row_color="#ffffff" # Default white
if [ "$status" = "WARNING" ]; then
row_color="#fff3cd" # Light yellow
ALERT_NEEDED=true
elif [ "$status" = "CRITICAL" ]; then
row_color="#f8d7da" # Light red
ALERT_NEEDED=true
elif [ "$status" = "ERROR" ]; then
row_color="#f8d7da" # Light red
ALERT_NEEDED=true
fi

# Add to HTML report
HTML_REPORT+="
$domain_name
$expiry_date
$days_left
$status
"

# Log results
echo "$domain: $status - Expires: $expiry_date ($days_left days left)" >> "$LOG_FILE"

if [ -n "$error_message" ]; then
echo " Error: $error_message" >> "$LOG_FILE"
fi

done < "$DOMAINS_FILE"

# Complete HTML report
HTML_REPORT+="

This is an automated alert from your SSL certificate monitoring system.


Note: It is recommended to renew certificates at least 14 days before expiration.


Renewal Instructions:



  1. For Let's Encrypt certificates: Run certbot renew

  2. For other certificates: Contact your certificate provider or generate a new CSR

"

# Send alert if needed
if [ "$ALERT_NEEDED" = true ]; then
EMAIL_SUBJECT="SSL Certificate Alert: $(hostname) - $(date +%Y-%m-%d)"

# Uncomment one of these methods based on your preference:
send_email_api "$EMAIL_SUBJECT" "$HTML_REPORT"
# send_email_smtp "$EMAIL_SUBJECT" "$HTML_REPORT"

echo "Alert sent due to expiring certificates" >> "$LOG_FILE"
else
echo "No alerts needed, all certificates are valid" >> "$LOG_FILE"
fi

exit 0
```

### Installation Steps

1. **Create the Script File**
```bash
sudo nano /usr/local/bin/ssl_monitor.sh
```
Copy and paste the script above, then save the file.

2. **Make the Script Executable**
```bash
sudo chmod +x /usr/local/bin/ssl_monitor.sh
```

3. **Configure the Script**
Update the email addresses and API key in the script configuration section.

4. **Create Domains List**
```bash
sudo mkdir -p /etc/ssl_monitor
sudo nano /etc/ssl_monitor/domains.txt
```
Add your domains, one per line.

5. **Set Up Scheduled Monitoring**
```bash
sudo crontab -e
```
Add the following line to run the script daily at 8 AM:
```
0 8 * * * /usr/local/bin/ssl_monitor.sh
```

6. **Test the Script**
```bash
sudo /usr/local/bin/ssl_monitor.sh
```

## Best Practices for SSL Certificate Management

### Centralized Inventory
Maintain a central inventory of all certificates, their locations, and expiration dates.

### Standardized Renewal Process
Establish a standardized process for certificate renewal to ensure consistency and reduce errors.

### Automated Renewal
Where possible, implement automated renewal using services like Let's Encrypt and certbot.

### Certificate Authority Monitoring
Monitor your Certificate Authority for security issues or policy changes that might affect your certificates.

### Regular Audits
Conduct regular audits of your SSL infrastructure to identify unauthorized or forgotten certificates.

## Resources

### GitHub Repository
Access the full SSL monitoring script and additional security tools on our [GitHub repository](https://github.com/forwardemail/ssl-monitoring-tools).

### Documentation
Comprehensive documentation on SSL certificate management best practices is available in our [knowledge base](https://forwardemail.net/guides).

### Community Support
Join our community forum to discuss SSL security, share experiences, and get help with implementation.

## Ready to Secure Your Websites?

Start monitoring your SSL certificates today with our easy-to-implement solution.

[Get Started with Forward Email](https://forwardemail.net) | [View Documentation](https://forwardemail.net/guides)

## Citations & References

1. GlobalSign. (2024). *SSL Certificate Expiration Consequences*. Retrieved April 5, 2025, from [https://www.globalsign.com/en/blog/ssl-certificate-expiration-consequences](https://www.globalsign.com/en/blog/ssl-certificate-expiration-consequences)
2. SSL.com. (2024). *SSL Certificate Management Best Practices*. Retrieved April 5, 2025, from [https://www.ssl.com/article/ssl-certificate-management-best-practices/](https://www.ssl.com/article/ssl-certificate-management-best-practices/)
3. Let's Encrypt. (2025). *Certificate Automation Guide*. Retrieved April 5, 2025, from [https://letsencrypt.org/docs/](https://letsencrypt.org/docs/)
4. Forward Email. (2025). *Email API Documentation*. Retrieved April 5, 2025, from [https://forwardemail.net/email-api](https://forwardemail.net/email-api)