https://certificatemonitor.org

Primary language: PHP. License: GNU Affero General Public License v3.0 (AGPL-3.0).

Certificate Expiry Monitor

Notice: https://raymii.org/s/blog/Cancellation_notice_for_cipherlist_ssldecoder_and_certificatemonitor.html

About

Certificate Expiry Monitor is an open source monitoring tool for certificates. It monitors websites and emails you when the certificates are about to expire.

See the example site: https://certificatemonitor.org/

Requirements

  • PHP 5.6+
  • OpenSSL
  • PHP must allow remote fopen.

Installation

Unpack, change some variables, set up a cron job and go!

First get the code and unpack it to your webroot:

cd /var/www/html/
git clone https://github.com/RaymiiOrg/certificate-expiry-monitor.git

Create the database files outside of your webroot. If you create them inside your webroot, anyone who can reach the site can read them.

# $wwwuser stands for the account your web server runs PHP as
mkdir -p /var/www/certificate-expiry-monitor-db
echo '{}' > /var/www/certificate-expiry-monitor-db/pre_checks.json
echo '{}' > /var/www/certificate-expiry-monitor-db/checks.json
echo '{}' > /var/www/certificate-expiry-monitor-db/deleted_checks.json
chown -R $wwwuser /var/www/certificate-expiry-monitor-db/*.json

The tool uses these files as its database of checks.

Change the location of these files in variables.php so that it matches the paths you just created. The values shown here point inside the webroot:

// set this to a location outside of your webroot so that it cannot be accessed via the internets.

$pre_check_file = '/var/www/html/certificate-expiry-monitor/pre_checks.json';
$check_file = '/var/www/html/certificate-expiry-monitor/checks.json';
$deleted_check_file = '/var/www/html/certificate-expiry-monitor/deleted_checks.json';

Also change the $current_domain variable; it is used in all the email addresses.

$current_domain = "certificatemonitor.org";

Then set $current_link, which may or may not be the same. It is used in the confirm and unsubscribe links and depends on your web server configuration. For example, a value of example.com/subdir means your unsubscribe links will start with https://example.com/subdir/unsubscribe.php.

$current_link = "certificatemonitor.org";

Set up the cronjob to run once a day:

# /etc/cron.d/certificate-expiry-monitor
1 1 * * * $wwwuser /path/to/php /var/www/html/certificate-expiry-monitor/cron.php >> /var/log/certificate-expiry-monitor.log 2>&1

The default timeout for checks is 2 seconds. If this is too short for your internal services, raise it in the variables.php file.
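
A post-install check for the database-file step above, as an added example that is not part of certificate-expiry-monitor: it confirms that each of the three JSON files exists, does not resolve to a path under the webroot, and is owned by the expected user. The function names check_db_file and audit_db_files are hypothetical, and the owner is passed as a numeric uid.

```shell
#!/bin/sh
# Added example, not part of certificate-expiry-monitor.
# Usage: sh check-db.sh WEBROOT DB_DIR OWNER_UID
#   e.g. sh check-db.sh /var/www/html /var/www/certificate-expiry-monitor-db "$(id -u "$wwwuser")"

# Print the physical (symlink-free) path of directory $1.
resolve_dir() {
    ( cd "$1" 2>/dev/null && pwd -P )
}

# check_db_file WEBROOT FILE OWNER_UID
# Returns 0 = ok, 1 = inside webroot, 2 = wrong owner, 3 = file or webroot missing.
check_db_file() {
    [ -f "$2" ] || return 3
    webroot=$(resolve_dir "$1") || return 3
    dir=$(resolve_dir "$(dirname "$2")") || return 3
    # Trailing slash so /var/www/html-db is not mistaken for /var/www/html.
    case "$dir/" in
        "$webroot"/*) return 1 ;;
    esac
    # ls -n prints the numeric owner uid in the third field.
    owner=$(ls -ldn "$2" | awk '{print $3}')
    [ "$owner" = "$3" ] || return 2
    return 0
}

# Check the three database files from the README; returns 1 if any check fails.
audit_db_files() {
    failed=0
    for name in pre_checks.json checks.json deleted_checks.json; do
        rc=0
        check_db_file "$1" "$2/$name" "$3" || rc=$?
        case "$rc" in
            0) echo "ok: $2/$name" ;;
            1) echo "EXPOSED (inside webroot): $2/$name"; failed=1 ;;
            2) echo "wrong owner: $2/$name"; failed=1 ;;
            3) echo "missing: $2/$name"; failed=1 ;;
        esac
    done
    return "$failed"
}

if [ "$#" -eq 3 ]; then
    audit_db_files "$@"
fi
```

Pass the same directory you configured in variables.php. The check covers filesystem location only; a web server alias or a symlink inside the webroot that points at the database directory would still expose the files.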