Keep Your Certificates Current Using Cron & Dead Man's Snitch

Don't let expirations surprise you.

Photo © AJS Pimentel. Licensed under Creative Commons. https://flic.kr/p/SHUw8F

In 2015 I wrote about Keep Your Certificates Current Using Your Test Suite. That’s still good but has a couple problems that bug me:

  1. It can block development. Suddenly, your test suite is red until you fix these certificates, even though you have a week to fix it.
  2. It can block deployment. If you require green tests to deploy, suddenly you can’t deploy and don’t know why (I’ve been bit by this).
    I still like getting notifed of certificates that are due to expire, so let’s come up with something even better. Leveraging cron and Dead Man’s Snitch.

I’m working on an app today that has four certificates, all for Apple Push Notifications (APNS). They’re all in a folder config/certificates

Step 1: Build a rake task

Here’s a rake task I wrote up in Ruby to check each certificate:

task :check_certificates do
  expiring = []
  path = Rails.root.join("config/certs/*.pem")

  Dir.glob(path).each do |file|
    certificate = OpenSSL::X509::Certificate.new(File.read(file))
    if certificate.not_after.to_time <= 1.week.from_now
      expiring << file
    end
  end

  if expiring.any?
    # abort is more graceful than raising an exception
    # it also gives us a non-zero status code
    # which is useful for Dead Man's Snitch
    abort "Certificate(s) will expire in less than 1 week: #{expiring.join(", ")}"
  end
end

Step 2: Add it to cron

Using cron, I run this task once per day. For example, if I wanted it run at 7am every day, my crontab entry might look like this:

# Every day at 11:00AM UTC (7:00AM EST)
# https://cron.help/#0_11_*_*_*
0 11 * * * bundle exec rake check_certificates

Step 3: Get Notified with Dead Man’s Snitch

I’m assuming you already know how to use Dead Man’s Snitch to get alerted when something doesn’t happen. If not, go read the Getting Started documentation.

The most common way to use Dead Man’s Snitch for cron job monitoring is to add a curl to the end:

# Every day at 11:00AM UTC (7:00AM EST)
# https://cron.help/#0_11_*_*_*
0 11 * * * bundle exec rake check_certificates && curl http://nosnch.in/c2354d53d2 &> /dev/null

I’m going to go a step farther and use Dead Man’s Snitch’s Field Agent. That way I get notified immediately, and get other great stuff like error messages.

# Every day at 11:00AM UTC (7:00AM EST)
# https://cron.help/#0_11_*_*_*
0 11 * * * dms c2354d53d2 bundle exec rake check_certificates

That’s it! Now when my certificates are a week away from expiration, my team will get notified through Dead Man’s Snitch and I can fix them.

Have a different method you like for tracking expiration? Let me know in the comments.

Photo of Daniel Morrison

Daniel founded Collective Idea in 2005 to put a name to his growing and already full-time freelance work. He works hard writing code, teaching, and mentoring.

Comments

Add a Comment

Hmm...that didn't work.

Something went wrong while adding your comment. If you don't mind, please try submitting it again.

Comment Added!

Your comment has been added to this post. Please refresh this page to view it.

Optional. If added, we will display a link to the website in your comment.
Optional. Never shared or displayed in your comment.
  1. February 20, 2019 at 8:54 AM

    Nice concept revealed in your blog thanks for sharing dvd player windows i sure like the dvd player.

  2. Aaron
    February 28, 2019 at 3:36 AM

    Great work!
    spanish dictionary

  3. howardtim2@gmail.com
    Tim Howard
    May 23, 2019 at 7:31 AM

    the certificates are key to information disbursement Garage floor coating.

  4. June 03, 2019 at 1:36 AM

    Thank you for your post, I look for such article along time, today I find it finally. this post gives me lots of advise it is very useful for me.

  5. June 10, 2019 at 1:59 AM

    using dead man’s snitch is crucial…
    carpet cleaners near me

  6. daveseo27@gmail.com
    Daniel Perez
    June 19, 2019 at 11:16 AM

    You have a nice steps to ponder. I appreciate your article. Keep it up! Commercial Roofing Cincinnati Ohio

  7. landscapingservicescolumbia@gmail.com
    Lindsey Shmuck
    July 08, 2019 at 13:28 PM

    This is a really nice way of keeping certificates current! Thanks.
    Lindsey | concrete patio columbia sc

  8. jack warner
    July 09, 2019 at 11:46 AM

    Nice concept revealed in your blog thanks for sharing
    https://www.krhicranes.com/

  9. jack warner
    July 09, 2019 at 11:48 AM

    Thank you for your post. it is helpful keep it up.
    https://www.krhicranes.com/

  10. July 15, 2019 at 9:20 AM

    The steps you share are meticulous and easy to understand. It helped me a lot. Thank you for your great sharing. I am waiting for your new updates.

  11. bholeshankar1992crax@gmail.com
    sapola
    July 16, 2019 at 16:02 PM

    The opinion you present here is wonderful.

  12. kumarpuneetsunny1234@gmail.com
    jhamumo
    July 16, 2019 at 16:05 PM

    great workout.

  13. kumarpuneetsunny1234@gmail.com
    bandale
    July 16, 2019 at 16:06 PM

    wow amzing

  14. ripon456@aol.com
    Ronald Ripon
    July 16, 2019 at 23:39 PM

    This is exactly what I was looking for, thanks - Ronald Ripon

  15. landscapingservicescolumbia@gmail.com
    Kyle Playwright
    July 17, 2019 at 12:16 PM

    Wow! I didn’t realize that Dead Man’s Snitch works that way, not until today. I think I’ll have my IT guy check on this matter again.
    Kyle | llcformations.com

  16. landscapingservicescolumbia@gmail.com
    Kyle Playwright
    July 17, 2019 at 12:18 PM

    Wow! I didn’t realize how Dead Man’ Suit works, not until today. I’ll surely have my IT guy check on this one!
    Kyle | llcformations.com

  17. July 18, 2019 at 0:49 AM

    Great information - thanks for sharing your knowledge!
    Bonnie | stucco refinishing Orlando

  18. July 21, 2019 at 1:35 AM

    This is a great system to make sure your certificates always stay up to date.
    long beach landscape designers