On 11/09/2017 12:33, Christian Kivalo wrote:
On 2017-09-11 11:21, Dominic Raferd wrote:
Does anyone know a way to detect if the certificate currently being
used by Postfix and/or Dovecot is nearing expiry (esp. in case they
haven't picked up the updated letsencrypt certificate)?
You mean like this from the letsencrypt forum
adapted for submission on port 587 with starttls:
openssl s_client -connect yourdomain.tld:587 -starttls smtp
-servername yourdomain.tld 2>/dev/null | openssl x509 -noout -dates
https://community.letsencrypt.org/t/it-there-a-command-to-show-how-many-days-certificate-you-have/11351/2
Thanks to all for the great tips. This example gives exit code 1 if the
certificate has less than 3 days (259200 seconds) to expiry:
echo|sudo openssl s_client -connect 127.0.0.1:587 -starttls smtp
-servername my.domain.tld 2>/dev/null|openssl x509 -noout -checkend 259200
