Skip to content

Commit

Permalink
Merge pull request #1081 from nginx-proxy/fix-cert-status
Browse files Browse the repository at this point in the history 
fix: don't display LE certificate as erroneously expired
  • Loading branch information
@buchdag
buchdag authored Dec 25, 2023
2 parents 06a5f5e + 83697e6 commit 9591930
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion app/cert_status
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,15 @@ function print_cert_info {
subject="$(openssl x509 -noout -subject -in "$1" | sed -n 's/.*CN = \([a-z0-9.-]*\)/- \1/p')"
san_str="$(openssl x509 -text -in "$1" | grep 'DNS:')"

case "$issuer" in
R3 | R4 | E1 | E2)
issuer="Let's Encrypt $issuer"
;;

*)
;;
esac

echo "Certificate was issued by $issuer"
if [[ "$2" == "expired" ]]; then
echo "Certificate was valid until $enddate"
Expand All @@ -35,7 +44,7 @@ for cert in /etc/nginx/certs/*/fullchain.pem; do
[[ -e "$cert" ]] || continue
if [[ -e "${cert%fullchain.pem}chain.pem" ]]; then
# Verify the certificate with OpenSSL.
if verify=$(openssl verify -CAfile "${cert%fullchain.pem}chain.pem" "$cert" 2>&1); then
if verify=$(openssl verify -untrusted "${cert%fullchain.pem}chain.pem" "$cert" 2>&1); then
echo "$verify"
# Print certificate info.
print_cert_info "$cert"
Expand Down

0 comments on commit 9591930

Please sign in to comment.