You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
|
|
package gossl
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"crypto/tls"
|
|
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
|
|
|
|
"net/http"
|
|
|
|
|
"time"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// https://mritd.com/2021/05/31/golang-check-certificate-expiration-time/
|
|
|
|
|
func checkSSl(beforeTime time.Duration) error {
|
|
|
|
|
c := &http.Client{
|
|
|
|
|
Transport: &http.Transport{
|
|
|
|
|
// 注意如果证书已过期,那么只有在关闭证书校验的情况下链接才能建立成功
|
|
|
|
|
TLSClientConfig: &tls.Config{
|
|
|
|
|
InsecureSkipVerify: true,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
// 10s 超时后认为服务挂了
|
|
|
|
|
Timeout: 10 * time.Second,
|
|
|
|
|
}
|
|
|
|
|
resp, err := c.Get("https://mritd.com")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
defer func() { _ = resp.Body.Close() }()
|
|
|
|
|
|
|
|
|
|
// 遍历所有证书
|
|
|
|
|
for _, cert := range resp.TLS.PeerCertificates {
|
|
|
|
|
// 检测证书是否已经过期
|
|
|
|
|
if !cert.NotAfter.After(time.Now()) {
|
|
|
|
|
return errors.New(fmt.Sprintf("Website [https://mritd.com] certificate has expired: %s", cert.NotAfter.Local().Format("2006-01-02 15:04:05")))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 检测证书距离当前时间 是否小于 beforeTime
|
|
|
|
|
// 例如 beforeTime = 7d,那么在证书过期前 6d 开始就发出警告
|
|
|
|
|
if cert.NotAfter.Sub(time.Now()) < beforeTime {
|
|
|
|
|
return errors.New(fmt.Sprintf("Website [https://mritd.com] certificate will expire, remaining time: %fh", cert.NotAfter.Sub(time.Now()).Hours()))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|