定時檢測SSL證書過期情況併發送通知
阿新 • • 發佈:2018-12-17
Let’s Encrypt免費證書只有3個月有效期,到期需要續簽。
雖然像寶塔一樣的面板在申請證書後會自動增加crontab任務,自動續簽。但是有時候仍需要手動去檢測證書過期情況,以免過期了還不知道。
因此就想著通過PHP來檢測證書的過期時間,然後傳送方糖通知。
核心
通過PHP裡的Streams擴充套件功能(stream_context_create、stream_socket_client等)函式建立並返回1個資源流,然後通過openssl_x509_parse函式解析證書資訊
stream_context_create函式詳解:http://www.php.net/manual/zh/book.stream.php
程式碼
下載:https://file.bugxia.com/s/KN6t7y7drYH92Tr
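<?php
// Domains whose TLS certificates should be checked.
$domains = array(
    "bugxia.com",
    "baidu.com"
);

foreach ($domains as $domain) {
    $result = check($domain);
    // $result can embed subjectAltName text taken from the remote certificate,
    // so it is escaped before being written into the HTML response.
    echo htmlspecialchars($domain . " ---- " . $result, ENT_QUOTES, 'UTF-8') . "<br>";
}

/**
 * Connect to $domain on port 443, locate the certificate issued for it and
 * report how long that certificate remains valid.
 *
 * A notification is sent through sendFTQQ() when less than one day is left.
 *
 * @param string $domain Host name to probe.
 * @return string Remaining lifetime (see expireLeft()) or an error message.
 */
function check($domain)
{
    $stream_option = array(
        "ssl" => array(
            "capture_peer_cert_chain" => true
        )
    );
    $stream = stream_context_create($stream_option);

    // NOTE(review): on PHP 5.6+ the ssl:// wrapper verifies the peer by default,
    // so an already-expired or untrusted certificate is expected to fail here
    // rather than reach the expiry check. Treat this error result as an alert too.
    $stream_client = stream_socket_client(
        "ssl://" . $domain . ":443",
        $errno,
        $errstr,
        20,
        STREAM_CLIENT_CONNECT,
        $stream
    );
    if (!$stream_client) {
        return "產生錯誤,錯誤程式碼:" . $errno;
    }

    $stream_info = stream_context_get_params($stream_client);
    stream_socket_shutdown($stream_client, STREAM_SHUT_WR);
    fclose($stream_client);

    $chain = isset($stream_info["options"]["ssl"]["peer_certificate_chain"])
        ? $stream_info["options"]["ssl"]["peer_certificate_chain"]
        : array();

    // subjectAltName of the first certificate in the chain, kept for the
    // "not found" message below.
    $first_san = null;

    foreach ($chain as $cert) {
        $cerInfo = openssl_x509_parse($cert);
        $san = (is_array($cerInfo) && isset($cerInfo["extensions"]["subjectAltName"]))
            ? $cerInfo["extensions"]["subjectAltName"]
            : "";
        if ($first_san === null) {
            $first_san = $san;
        }

        if (sanCoversDomain($san, $domain)) {
            $valid_to = $cerInfo['validTo_time_t'];
            // Notify BEFORE returning; the original returned first, which made
            // the notification unreachable.
            if ($valid_to - time() < 86400) {
                sendFTQQ($domain);
            }
            return expireLeft($valid_to);
        }
    }

    return "未發現該證書對應的域名:" . $first_san;
}

/**
 * Tell whether a subjectAltName string (as produced by openssl_x509_parse(),
 * e.g. "DNS:a.example, DNS:*.b.example") names $domain.
 *
 * Entries are compared as whole names, not substrings, so a certificate for
 * "example.com.other.test" is not accepted for "example.com". A leading "*."
 * entry matches exactly one left-most label.
 *
 * @param string $san    subjectAltName extension text.
 * @param string $domain Host name being checked.
 * @return bool
 */
function sanCoversDomain($san, $domain)
{
    $domain = strtolower($domain);

    foreach (explode(',', $san) as $entry) {
        $entry = strtolower(trim($entry));
        if (strpos($entry, 'dns:') !== 0) {
            continue;
        }
        $name = substr($entry, 4);

        if ($name === $domain) {
            return true;
        }

        if (strpos($name, '*.') === 0) {
            $suffix = substr($name, 1); // ".example.com"
            $label_len = strlen($domain) - strlen($suffix);
            if ($label_len > 0
                && substr($domain, $label_len) === $suffix
                && strpos(substr($domain, 0, $label_len), '.') === false
            ) {
                return true;
            }
        }
    }

    return false;
}

/**
 * Format the time left until $exp_time as a short human-readable string.
 *
 * @param int $exp_time Expiry moment as a Unix timestamp.
 * @return string Seconds, minutes, hours or days remaining, or the "expired" text.
 */
function expireLeft($exp_time)
{
    $sec = $exp_time - time();

    if ($sec <= 0) {
        return "已失期";
    }
    if ($sec <= 60) {
        return $sec . "秒";
    }
    if ($sec < 3600) {
        return round($sec / 60, 0) . "分鐘";
    }
    if ($sec <= 86400) {
        return round($sec / 3600, 0) . "小時";
    }
    return floor($sec / 86400) . "天";
}

/**
 * Send an expiry notification for $domain through the ServerChan (sc.ftqq.com) push API.
 * Key registration: http://sc.ftqq.com/3.version
 *
 * @param string $domain Domain whose certificate is about to expire.
 * @return void
 */
function sendFTQQ($domain)
{
    // Placeholder: replace with the real key, and keep the real value out of
    // version control and out of any publicly readable copy of this file.
    $SCKEY = "方糖KEY";
    $url = 'https://sc.ftqq.com/' . $SCKEY . '.send?desp=' . urlencode($domain)
        . '&text=' . urlencode("域名證書到期告知");

    // The parameters travel in the query string; the POST body is intentionally
    // empty (the original passed an undefined variable here).
    $data = '';

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    // Certificate and host name verification stay enabled: the URL carries the
    // push key, so it must only be sent to the authenticated endpoint.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_DEFAULT);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

    $result = curl_exec($ch);
    if ($result === false) {
        // A notification that silently fails defeats the purpose of the check.
        error_log("sendFTQQ failed for " . $domain . ": " . curl_error($ch));
    }
    curl_close($ch);
    return;
}
?>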
原文連結:https://host.fubi.hk/foreshadowinghost/zhishiku/20181025/8373.html