Set up cert expiry date checking for all SSL certs

[chris]

Last month the *.transitionnetwork.org cert expired before it was replaced with a new one and users therefore got warnings for around half a day, see ticket:685.

A script to check the expiry dates was set up on wiki:PuffinServer on ticket:685#comment:9 and this ticket is to document setting this up for wiki:PenguinServer and wiki:ParrotServer.

[chris]

ssl-cert-check was already installed on wiki:PenguinServer it's wiki:PuffinServer and wiki:ParrotServer which don't have it installed.

On wiki:ParrotServer:

sudo -i
aptitude install ssl-cert-check

These cron jobs were added:

30 09 * * * ssl-cert-check -qac "/etc/ssl/wsh/cert.pem" -e "chris@webarchitects.co.uk"
31 09 * * * ssl-cert-check -qac "/etc/ssl/wsh/movie_cert.pem" -e "chris@webarchitects.co.uk"

And they were also manually run, these email was the result:

From: root <root@parrot.webarch.net>
Date: Mon, 03 Feb 2014 13:46:17 +0000
To: chris@webarchitects.co.uk
Subject: Certificate for FILE "(CN: intransitionmovie.com)" will expire in 30-days or less


The SSL certificate for FILE "(CN: intransitionmovie.com)" will expire on Feb 24 23:59:59 2014 GMT

So that proves it working, the last time we go a new cert for this site was on ticket:497 however I'm not sure if we want to renew it this time, see ticket:538#comment:8 I'll follow this up on that ticket.

On wiki:PuffinServer:

aptitude install ssl-cert-check

And this was added to my crontab (as the root crontab is clobbered by BOA):

export EDITOR=vim
crontab -e -u chris

# ssl cert check
32 09 * * * sudo ssl-cert-check -qac "/etc/ssl/transitionnetwork.org/transitionnetwork.org.crt" -e "chris@webarchitects.co.uk"

[chris]

Movie cert check on wiki:ParrotServer has been removed as we are not updating that and the site has been archived and moved to wiki:PenguinServer.