W dniu 2017-09-11 o 18:25, Viktor Dukhovni pisze: > >> On Sep 11, 2017, at 5:21 AM, Dominic Raferd <domi...@timedicer.co.uk> wrote: >> >> Does anyone know a way to detect if the certificate currently being used by >> Postfix and/or Dovecot is nearing expiry (esp. in case they haven't picked >> up the updated letsencrypt certificate)? > > See below for OpenSSL 1.0.2 or later. Earlier versions don't > have the "-verify_hostname" option, you can delete it if you > like, and omit that part of the certificate check, in which > case the code will also work for OpenSSL 1.0.1 and earlier > (which are EOL).
https://github.com/matteocorti/check_ssl_cert works great. I'm using it to check my local / remote HTTP/SMTP/IMAP certificate expiry dates. -- best regards, Lukasz Wasikowski
