# certificate-expire-check

A simple Python utility to monitor SSL/TLS certificate expiration for a list of domains and send notifications via email.

## Project Structure

```
project/
├── conf/
│   ├── mail.conf       # SMTP configuration
│   └── domains.txt     # List of domains and optional ports
├── main.py             # Entry-point script
├── modules/
│   ├── __init__.py
│   ├── config.py       # Configuration loader
│   ├── domains.py      # Domain list parser
│   ├── checker.py      # Certificate expiration checker
│   └── notifier.py     # SMTP notifier
├── Makefile
└── README.md
```

## Prerequisites

* Python 3.9+
* tzdata
* make(optional)
* Root or sudo privileges for auto installation and cron setup with Makefile

## Configuration

1. **SMTP Settings**: Edit `conf/mail.conf`:

2. **Domain List**: Edit `conf/domains.txt`, one domain per line. Append `:port` to specify a custom port (default is 443):

   ```
   example.com:443
   google.com
   expired.badssl.com:8443
   ```

## Installation

From the project root, run:

```bash
sudo make all
```

This will:

1. Create a system user `certificate-expire-check` if it does not exist
2. Copy project files to `/etc/certificate-expire-check`
3. Set ownership to the `certificate-expire-check` user
4. Install a cron job that runs every 10 days at midnight

## Makefile Targets

* **all**: Runs `user`, `install`, and `cron` in sequence
* **user**: Creates the system user
* **install**: Copies files and sets permissions
* **cron**: Adds the following cron entry for the user:

  ```cron
  0 0 */10 * * /usr/bin/python3 /etc/certificate-expire-check/main.py >> /var/log/certificate-expire-check.log 2>&1
  ```
* **clean**: Removes the cron job, deletes the system user, and removes the installation directory

## Usage

* Logs are written to `/var/log/certificate-expire-check.log`.
* Manually trigger the check with:

  ```bash
  sudo -u certificate-expire-check /usr/bin/python3 /etc/certificate-expire-check/main.py
  ```