#!/bin/bash

le_cert_dirs=(le_certs le_certs_dev le_certs_ernie supercp_le_certs)
le_epoch_time=$(date +%s)
le_hours_min=600 # 600 hours = 25 days

exit_code=0

for cert_dir in "${le_cert_dirs[@]}"; do 
  le_certs=$(ls -1 /var/cache/"${cert_dir}" | grep pem | grep -v privkey)
  for cert in ${le_certs}; do 
    cert_path="/var/cache/${cert_dir}/${cert}"
    if [ -e "$cert_path" ]; then
      le_expiry_epoch=$(date -d "$(openssl x509 -enddate -noout -in "$cert_path" | cut -d= -f2)" +%s)
      le_life=$(( le_expiry_epoch - le_epoch_time ))
      le_life_hours=$(( le_life / 3600 ))
      
      if [ "$le_life_hours" -lt "$le_hours_min" ]; then
        echo "CRITICAL - ${cert_path} expires in ${le_life_hours} hours | lifetime=${le_life_hours}h;${le_hours_min};0;0"
        exit_code=2
      else
        echo "OK - ${cert_path} expires in ${le_life_hours} hours | lifetime=${le_life_hours}h;${le_hours_min};0;0"
      fi
    else
      echo "UNKNOWN - Certificate ${cert_path} not found"
      exit_code=3
    fi
  done
done

exit $exit_code