certbot: Add cron job to notify expiring certs

2025-08-02 18:20:33 +00:00 · 2025-08-02 18:20:33 +00:00 · dac04ee011
commit dac04ee011
parent 23dd98a34b
2 changed files with 33 additions and 0 deletions
--- a/roles/certbot/files/check-certs.sh
+++ b/roles/certbot/files/check-certs.sh
@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -eu
+umask 077
+
+certbot certificates 2> /dev/null | awk '
+    {
+        if (/^  Certificate Name: /) { cert = $3 }
+        if (/^    Expiry Date: /) {
+            days = $6
+	    if (days < 30) {
+                print cert " " days " days"
+            }
+        }
+    }
+    '
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@ -65,3 +65,20 @@
  ansible.builtin.systemd:
    name: certbot-renew.timer
    enabled: false
+
+- name: Copy script to list expiring certificates
+  ansible.builtin.copy:
+    dest: /usr/local/bin/check-certs
+    src: check-certs.sh
+    mode: "0755"
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: Cretae cronjob to list expiring certificates
+  ansible.builtin.cron:
+    name: check-certs
+    job: /usr/local/bin/check-certs
+    user: certbot
+    hour: "05"
+    minute: "00"
+  when: inventory_hostname == "adm01.home.foo.sh"