Ok, that was how the script behaved, however it did not return useful information back into Zenoss for how long until expiration.  I have changed the code a bit and here is what it now returns :

./check_certs.sh -x 500 -n -s speakeasy.net -p 443
Status Expiring in 444 days. | speakeasy.net 443 Expiring Jan 13 23:59:59 2011 GMT Days=444 :

dont forget that the -x ### is for when you want it to alarm in days.  If you want 30 days, put in 30.

Zenoss shows this as a major alarm, for /cmd/fail (adjustable) and the status message in the Event Viewer says "Status Expiring in 444 days."

You are more than welcome to use this new version, I threw it up on the server as http://dev01.iwillfearnoevil.com:90/transfer/check_certs_Nagios.sh

I dont know if you are aware or not, but this script does have a small bug in it.  If SSL fails to find a cert (or retrieve it) it can hang for an extened period of time..

You will want to debug each domain by hand once to make sure that it behaves.

ack apologies, tracked this on the crackberry

thanks guy!

thanks for your work guyverix. is it possible for you to export your setup as a zenpack to share it?

thanks in advance!

Here you go.  Zenpack.Iwillfearnoevil.Domain  Grin, so my humor is perverse..

Following the dev guide I could not make this ZenPack work correctly.. Grrr..  The Nagios scripts are included, but you will have to COPY them to the /usr/local/zenoss/common/libexec folder, and make sure they are owned by zenoss, and chmodded to 755.  If you look in the ZenPacks details, it will show the path to where they are located.

I have also found out the hard way that Ubuntu changed their whois package. I installed it and had SERIOUS reply time issues. Whois is not even installed on the server version by default either??

Due to this in my testing, the plugin for domain expiration was timing out.  I have added a line into the code for jwhois.  This is included in the Ubuntu repository, it also caches the results locally so you will not have to query whois servers as often. So, apt-get install jwhois as root to install it...

I have left the jwhois query active in check_domain.sh.  This means RedHat, CentOS, and others who use the normal whois will have to comment out line 45, and uncomment line 43.

The normal whois works as you would expect in Redhat (where I wrote the script) as well as its children (centOS, etc)  It only appears that Ubuntu server needs a different one. (dorks).  I do not know off the top of my head if jwhois is available for RH and Centos in the repos, but if so I would recommend using that as well.  It will lower the contstant calls to whois.internic.  (also no changes are needed for the script then)

This ZenPack will create /Devices/Ping/Domain  as well as /Devices/Ping/Domain/SSL

Since characteristics are inherited, I figured this would be a better way to isolate domain checks that dont necessairly have SSL from SSL enabled domains.

Ping checks have been disabled for both Domain and SSL

Both do show a boring countdown graph to doomsday.. Grin..  Counts are in days, the Nagios threshold is set for 30 days warning at this time.  If you want other thresholds, you could build them out in the templates area in the normal fashion.

If you do happen to find registars who do not follow normal whois conventions with their data return values, let me know, and I will revise the check_domain.sh script.