Keep Your Certificates Current Using Cron & Dead Man's Snitch

Don't let expirations surprise you.

Photo © AJS Pimentel. Licensed under Creative Commons. https://flic.kr/p/SHUw8F

In 2015 I wrote about Keep Your Certificates Current Using Your Test Suite. That’s still good but has a couple problems that bug me:

  1. It can block development. Suddenly, your test suite is red until you fix these certificates, even though you have a week to fix it.
  2. It can block deployment. If you require green tests to deploy, suddenly you can’t deploy and don’t know why (I’ve been bit by this).
    I still like getting notifed of certificates that are due to expire, so let’s come up with something even better. Leveraging cron and Dead Man’s Snitch.

I’m working on an app today that has four certificates, all for Apple Push Notifications (APNS). They’re all in a folder config/certificates

Step 1: Build a rake task

Here’s a rake task I wrote up in Ruby to check each certificate:

task :check_certificates do
  expiring = []
  path = Rails.root.join("config/certs/*.pem")

  Dir.glob(path).each do |file|
    certificate = OpenSSL::X509::Certificate.new(File.read(file))
    if certificate.not_after.to_time <= 1.week.from_now
      expiring << file
    end
  end

  if expiring.any?
    # abort is more graceful than raising an exception
    # it also gives us a non-zero status code
    # which is useful for Dead Man's Snitch
    abort "Certificate(s) will expire in less than 1 week: #{expiring.join(", ")}"
  end
end

Step 2: Add it to cron

Using cron, I run this task once per day. For example, if I wanted it run at 7am every day, my crontab entry might look like this:

# Every day at 11:00AM UTC (7:00AM EST)
# https://cron.help/#0_11_*_*_*
0 11 * * * bundle exec rake check_certificates

Step 3: Get Notified with Dead Man’s Snitch

I’m assuming you already know how to use Dead Man’s Snitch to get alerted when something doesn’t happen. If not, go read the Getting Started documentation.

The most common way to use Dead Man’s Snitch for cron job monitoring is to add a curl to the end:

# Every day at 11:00AM UTC (7:00AM EST)
# https://cron.help/#0_11_*_*_*
0 11 * * * bundle exec rake check_certificates && curl http://nosnch.in/c2354d53d2 &> /dev/null

I’m going to go a step farther and use Dead Man’s Snitch’s Field Agent. That way I get notified immediately, and get other great stuff like error messages.

# Every day at 11:00AM UTC (7:00AM EST)
# https://cron.help/#0_11_*_*_*
0 11 * * * dms c2354d53d2 bundle exec rake check_certificates

That’s it! Now when my certificates are a week away from expiration, my team will get notified through Dead Man’s Snitch and I can fix them.

Have a different method you like for tracking expiration? Let me know in the comments.

Photo of Daniel Morrison

Daniel founded Collective Idea in 2005 to put a name to his growing and already full-time freelance work. He works hard writing code, teaching, and mentoring.

Comments

  1. August 21, 2019 at 9:11 AM

    a very detailed and meticulous lesson, it really has a lot of values, I will learn a lot thanks

  2. activeseo12@gmail.com
    Dan
    September 05, 2019 at 17:05 PM

    Thanks for providing us with your full detailed instruction regarding to this topic of your article. metal signs for business

  3. zah_zane25@yahoo.com
    jik
    September 05, 2019 at 17:06 PM

    Wow amazing!

  4. brielleluna@hotmail.com
    Brielle Luna
    September 09, 2019 at 12:23 PM

    Very detrailed. Just like to mention how generous you are about giving away and sharing these info online. Please keep writing!

    B [url=https://changeofaddressnearme.com/]https://changeofaddressnearme.com/[/url]
  5. horeakaii@gmail.com
    Horea Kaii
    September 09, 2019 at 13:16 PM

    Wonderful and so thoughtful! :)
    https://changeofaddressnearme.com/

  6. September 30, 2019 at 9:18 AM

    Your content is nothing short of brilliant in many ways. I think this is engaging and eye-opening material. Thank you so much for caring about your content and your readers. https://www.dailyhealthstudy.com

  7. September 30, 2019 at 9:20 AM

    Your content is nothing short of brilliant in many ways. I think this is engaging and eye-opening material. Thank you so much for caring about your content and your readers. www.dailyhealthstudy.com

  8. Somphie
    October 02, 2019 at 15:05 PM

    An article full of informative ideas, this is a must read and there’s a lot to learn in this post thank you for sharing this.
    click