certificate-expire-check

A simple Python utility to monitor SSL/TLS certificate expiration for a list of domains and send notifications via email.

Project Structure

project/
├── conf/
│   ├── mail.conf       # SMTP configuration
│   └── domains.txt     # List of domains and optional ports
├── main.py             # Entry-point script
├── modules/
│   ├── __init__.py
│   ├── config.py       # Configuration loader
│   ├── domains.py      # Domain list parser
│   ├── checker.py      # Certificate expiration checker
│   └── notifier.py     # SMTP notifier
├── Makefile
└── README.md

Prerequisites

• Python 3.9+
• tzdata
• make(optional)
• Root or sudo privileges for auto installation and cron setup with Makefile

Configuration

1. SMTP Settings: Edit conf/mail.conf:

2. Domain List: Edit conf/domains.txt, one domain per line. Append :port to specify a custom port (default is 443):

   example.com:443
   google.com
   expired.badssl.com:8443
   

Installation

From the project root, run:

sudo make all

This will:

1. Create a system user certificate-expire-check if it does not exist
2. Copy project files to /etc/certificate-expire-check
3. Set ownership to the certificate-expire-check user
4. Install a cron job that runs every 10 days at midnight

Makefile Targets

• all: Runs user, install, and cron in sequence

• user: Creates the system user

• install: Copies files and sets permissions

• cron: Adds the following cron entry for the user:

  0 0 */10 * * /usr/bin/python3 /etc/certificate-expire-check/main.py >> /var/log/certificate-expire-check.log 2>&1
  

• clean: Removes the cron job, deletes the system user, and removes the installation directory

Usage

• Logs are written to /var/log/certificate-expire-check.log.

• Manually trigger the check with:

  sudo -u certificate-expire-check /usr/bin/python3 /etc/certificate-expire-check/main.py