Forum Discussion
David_Dalgaard_
Jul 25, 2013 | Nimbostratus
Script to check for certificate expiration
Hi guys
Most of you have probably been in the situation where a certificate suddenly expired without anyone noticing (or at least no one took proper action). I was in that situation a couple of ...
Héctor_J__Sánc1
Sep 16, 2015 | Nimbostratus
Hi,
a little update to check all partitions, not just Common:
#!/bin/bash
# Author: dadalife
# Check if the unit is active; only the active unit of the pair should run the check:
ACTIVE=$(tmsh show cm failover-status | grep -c ACTIVE)
if (( ACTIVE == 1 )); then
    echo -e "Unit is active. Proceeding...\n"
    SCRIPTPATH='/root/'
    MAIL=''
    MAILCC=''
    NUMREPORTED=0
    NUMFLAGGED=0
    NUMCRITICAL=0
    rm -f "$SCRIPTPATH"expiringcerts.txt
    # Create a list of all expiring certificates, walking every folder rather than only /Common:
    for PARTITION in $(tmsh -c "cd / ; list sys folder recursive one-line" | awk '{print $3}')
    do
        tmsh -c "cd /$PARTITION ; run sys crypto check-cert" | grep 'will expired' | awk -F 'in file' '{print $2}' | awk -F ' GMT' '{print $1}' >> "$SCRIPTPATH"expiringcerts.txt
    done
    echo "A list of all expiring certificates has been created!"
    # Send an email for each certificate if it has not already been sent:
    echo -e "\nChecking for expiring certificates..."
    > "$SCRIPTPATH"tempflagged.txt
    touch "$SCRIPTPATH"flaggedcerts.txt   # avoids a read error on the very first run
    while read line; do
        BODY="\n\nIf it was not previously done, please create a Jira for Operations team in order to renew the certificate.\n\nIgnore this alarm if the certificate is /Common/ca-bundle.crt\n\nThis is an auto-generated e-mail from the BIG-IP."
        CERT=$(echo $line | awk -F ' ' '{print $1}')
        CERTEXPIRE=$(echo $line | awk -F 'expired on ' '{print $2}')
        # Whole-line fixed-string match, so foo.crt is not taken as already flagged just because foo.crt.bak is listed
        FLAGGED=$(grep -cxF -- "$CERT" "$SCRIPTPATH"flaggedcerts.txt)
        if (( FLAGGED == 0 )); then
            echo "$CERT" >> "$SCRIPTPATH"tempflagged.txt
            echo -e "$CERT expires on $CERTEXPIRE GMT.$BODY" | mail -s "$CERT expires on $CERTEXPIRE GMT" -c "$MAILCC" "$MAIL"
            echo "--> $CERT reported to servicedesk."
            NUMREPORTED=$(( NUMREPORTED + 1 ))
        else
            echo "$CERT" >> "$SCRIPTPATH"tempflagged.txt
            echo "--> $CERT has already been flagged"
            NUMFLAGGED=$(( NUMFLAGGED + 1 ))
        fi
    done < "$SCRIPTPATH"expiringcerts.txt
    cp "$SCRIPTPATH"tempflagged.txt "$SCRIPTPATH"flaggedcerts.txt
    echo -e "Check for expiring certificates done!"
    # Check if a certificate is less than a week from expiring:
    CURRENTTIMEEPOCH=$(date +%s)
    echo -e "\nChecking for almost expired certificates..."
    while read line; do
        CERTEXPIRE=$(echo $line | awk -F 'expired on ' '{print $2}')
        # The " GMT" suffix was stripped above; put it back so the timestamp is parsed as UTC rather than local time
        CERTEXPIREEPOCH=$(date --date="$CERTEXPIRE GMT" +%s)
        CERTEXPIREDIFF=$(( CERTEXPIREEPOCH - CURRENTTIMEEPOCH ))
        if (( CERTEXPIREDIFF < 604800 )); then
            BODY="\n\nIf it was not previously done, please create a Jira for Operations team in order to renew the certificate.\n\nIgnore this alarm if the certificate is /Common/ca-bundle.crt\n\nThis is an auto-generated e-mail from the BIG-IP."
            CERT=$(echo $line | awk -F ' ' '{print $1}')
            echo -e "$CERT expires on $CERTEXPIRE GMT.$BODY" | mail -s "WARNING: $CERT EXPIRES IN LESS THAN A WEEK!!" -c "$MAILCC" "$MAIL"
            echo "--> WARNING: $CERT EXPIRES IN LESS THAN A WEEK!!"
            NUMCRITICAL=$(( NUMCRITICAL + 1 ))
        fi
    done < "$SCRIPTPATH"expiringcerts.txt
    echo "Check for almost expired certificates done!"
    echo -e "\nCertification check done!"
    # Send a status email:
    echo -e "Hi Miguel\n\nYour script did its job!!\n\nNumber of newly reported certificates: '$NUMREPORTED'\nNumber of already flagged certificates: '$NUMFLAGGED'\nNumber of critical certificates: '$NUMCRITICAL'\n\nYours Sincerely\nThe BIG-IP" | mail -s "Everything went well!" "$MAILCC"
else
    echo "Unit is standby. No action taken!"
fi
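The posted script depends on three things that are easy to get subtly wrong: pulling the file path and expiry date out of the check-cert warning text, turning that date into an epoch for the one-week comparison, and deciding whether a certificate was already flagged on a previous run. The script below is an added example, not code from this thread or from F5, that isolates each of those steps in a function so they can be tested against a constructed sample offline. It assumes GNU date (the same `--date`/`-d` parsing the posted script relies on) and that check-cert warnings have the shape the posted script greps for, "<name> in file <path> will expired on <Mon DD HH:MM:SS YYYY> GMT"; the sample lines, the fixed reference clock and the thresholds are all assumptions made for the example.

```bash
#!/bin/bash
# Added example, not from the thread or from F5. Parses lines shaped like the
# "run sys crypto check-cert" warnings the posted script greps for, works out
# time to expiry against a fixed reference clock, and classifies each cert.
# Assumptions: GNU date (-d/-u), which the posted script also relies on, and the
# line format "<name> in file <path> will expired on <Mon DD HH:MM:SS YYYY> GMT".

# Constructed sample output (not captured from a real BIG-IP).
SAMPLE_CHECKCERT='Certificate /Common/web.crt in file /config/ssl/ssl.crt/web.crt will expired on Nov 20 00:00:00 2023 GMT
Certificate /Common/api.crt in file /config/ssl/ssl.crt/api.crt will expired on Dec 14 12:00:00 2023 GMT
Certificate /Common/old.crt in file /config/ssl/ssl.crt/old.crt will expired on Nov 01 00:00:00 2023 GMT
Certificate /Common/fine.crt in file /config/ssl/ssl.crt/fine.crt is valid'

# Fixed "now" (2023-11-14 22:13:20 UTC) so the results are reproducible;
# a real run would use NOW_EPOCH=$(date +%s).
NOW_EPOCH=1700000000

# One week in seconds, the posted script's threshold for a critical alert.
CRITICAL_SECS=604800

# cert_path LINE -> file path after "in file"; fails if LINE is not an expiry warning.
cert_path() {
    case "$1" in
        *" in file "*" will expired on "*) ;;
        *) return 1 ;;
    esac
    rest=${1#*" in file "}
    printf '%s\n' "${rest%%" will expired on "*}"
}

# cert_expiry LINE -> the date text, GMT suffix kept so date parses it as UTC.
cert_expiry() {
    case "$1" in
        *" will expired on "*) printf '%s\n' "${1#*" will expired on "}" ;;
        *) return 1 ;;
    esac
}

# secs_until EXPIRY NOW_EPOCH -> seconds from NOW to EXPIRY, negative once expired.
secs_until() {
    exp_epoch=$(date -u -d "$1" +%s) || return 1
    echo $(( exp_epoch - $2 ))
}

# classify SECS -> EXPIRED, CRITICAL (under a week) or WARNING (check-cert listed it).
classify() {
    if [ "$1" -lt 0 ]; then echo EXPIRED
    elif [ "$1" -lt "$CRITICAL_SECS" ]; then echo CRITICAL
    else echo WARNING
    fi
}

# is_flagged PATH FLAGFILE -> true if PATH is already listed. Whole-line fixed-string
# match, so /x/web.crt is not "flagged" just because /x/web.crt.bak is in the file
# (an unanchored grep $CERT, as in the posted script, would match it).
is_flagged() {
    [ -f "$2" ] && grep -qxF -- "$1" "$2"
}

# report NOW_EPOCH < LINES -> "<path> <severity> <whole days>" per expiring cert.
report() {
    while IFS= read -r line; do
        path=$(cert_path "$line") || continue
        expiry=$(cert_expiry "$line")
        secs=$(secs_until "$expiry" "$1") || continue
        printf '%s %s %d\n' "$path" "$(classify "$secs")" $(( secs / 86400 ))
    done
    return 0
}

printf '%s\n' "$SAMPLE_CHECKCERT" | report "$NOW_EPOCH"
```

Keeping the "GMT" suffix on the date before handing it to `date -u -d` matters: once the zone is stripped, the expiry is interpreted in the box's local time, which can move a certificate across the one-week boundary by several hours. The exact-match `grep -qxF` in `is_flagged` is the other change worth carrying back into a production version of the posted script, since a substring match against the flag file silently suppresses alerts for any certificate whose path is a prefix of another entry.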