Dave Herrell - Blog - IT Toolbox - PowerShell Banner

PowerShell Basics: Send SSL Cert Expirations to Slack

If your organization uses SSL certificates for servers and websites, manually tracking their expiration dates can be time-consuming. This PowerShell script automates this process by:

  1. Reading a list of URLs from a text file.
  2. Validating each SSL certificate’s issuer and expiration date.
  3. Sending alerts to a specified Slack channel for certificates nearing expiration (within a customizable timeframe).

Note: Most registrars won’t renew SSL certs more than 30 days before they expire.

Need help with the Slack webhook setup?  I’ve included a brief guide below to get you started.

Create Slack Webhook

Log into your Slack workspace as an administrator. Go to the admin section of Slack. On the left menu list, scroll down to Configure Apps.

Choose Custom Integrations. You can also use Slack apps for this, but for this round we’ll use Slack’s Incoming Webhooks. Choose Incoming Webhooks, then click the Add to Slack button.

Choose the channel you want the alerts to go into. In this example I will use a private channel I created named “ssl-cert-alert”. Once you have chosen the channel, click “Add Incoming Webhooks integration”. This will send an alert to the channel you just chose.

Next we’ll configure the basics of the alert, such as its custom name, label, icon, etc. Once complete, click Save Settings. You will also notice the app name in your channel alert has updated.

Don’t be a noob. The webhook in this screenshot has already been removed.

The last thing you need to do is copy the Webhook URL. You will need this for the PowerShell script.

Looking to do this via Python Instead? Check out this page

PowerShell Script

Now that you have your Slack Webhook URL, it’s time to set up your alert script. Below is the script you can copy. Make sure you update the .txt file path and Webhook URL with your own information.

 

				
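# Make sure you define your path to the URL file
$urlsFile = "/Users/daveherrell/Desktop/urls.txt"

# Define your Slack Webhook URL (anyone who has it can post to the channel, so keep it private)
$slackWebhookUrl = "https://hooks.slack.com/services/YOURSLACKURLHERE"

# Set the number of days to check for certificate expiration
$warningDays = 90

# Function to fetch SSL certificate information
function Get-SSLCertificateInfo {
    param (
        [string]$url
    )

    $tcpClient = $null
    try {
        # Accept a bare host name as well as a full URL
        $target = $url
        if ($target -notmatch '^[a-z][a-z0-9+.-]*://') { $target = "https://$target" }
        $uri = New-Object System.Uri($target)
        $tcpClient = New-Object System.Net.Sockets.TcpClient
        $tcpClient.Connect($uri.Host, 443)
        # The callback accepts every certificate so it can be read even when it
        # would fail validation; trust is checked separately with Verify() below
        $sslStream = New-Object System.Net.Security.SslStream($tcpClient.GetStream(), $false, ({ $true }))
        $sslStream.AuthenticateAsClient($uri.Host)
        
        $cert = $sslStream.RemoteCertificate
        $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert

        return @{
            Url = $url
            Issuer = $cert2.Issuer
            NotAfter = $cert2.NotAfter
            # Despite the key name, this is the DNS name taken from the certificate, not a registrar
            Registrar = $cert2.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
            # Verify() builds the chain with basic policy, so an expired certificate fails here;
            # it does not compare the certificate name with the host that was contacted
            IsValid = $cert2.Verify()
        }
    } catch {
        # Write-Warning keeps this message out of the function's return value
        Write-Warning "Failed to fetch certificate for $url"
        return $null
    } finally {
        # Release the socket on both the success and the failure path
        if ($tcpClient) { $tcpClient.Close() }
    }
}

# Function to send Slack notification
function Send-SlackNotification {
    param (
        [string]$message
    )

    $payload = @{
        text = $message
    } | ConvertTo-Json

    # Out-Null discards Slack's "ok" reply so it does not show up in the script output
    Invoke-RestMethod -Uri $slackWebhookUrl -Method Post -ContentType 'application/json' -Body $payload | Out-Null
}

# Read URLs from file
if (Test-Path $urlsFile) {
    # Skip blank lines so they are not reported as failures
    $urls = Get-Content -Path $urlsFile | Where-Object { $_.Trim() }
    foreach ($url in $urls) {
        $certInfo = Get-SSLCertificateInfo -url $url.Trim()
        if ($null -ne $certInfo -and $certInfo.IsValid) {
            $daysToExpire = ($certInfo.NotAfter - (Get-Date)).Days
            if ($daysToExpire -le $warningDays) {
                $message = "SSL Certificate for $($certInfo.Url) issued by $($certInfo.Issuer) (Registrar: $($certInfo.Registrar)) will expire in $daysToExpire days on $($certInfo.NotAfter)."
                Send-SlackNotification -message $message
                Write-Output $message
            }
        } else {
            # Certificates that fail Verify() (already expired or untrusted) and hosts that
            # could not be reached end up here and are reported on the console only
            Write-Output "Invalid certificate for $url or unable to retrieve certificate."
        }
    }
} else {
    Write-Output "URLs file not found at $urlsFile"
}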

				
			

A couple of items to note:

  • You can change the date range on line 8 ($warningDays) to whatever you wish. Just make sure it’s in days. For instance, you can set it to 30 days instead of 90 days.
  • Within your TXT file, you can list up to five hundred URLs before this breaks. However, make sure the file only contains one domain per line!
  • You can easily set this script to run via a Scheduled Task on Windows Server.
  • Even if a URL in the TXT file is no longer available, the script will still run.
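
The script only sends a Slack alert when `Verify()` succeeds, so a certificate that has already expired, does not chain to a trusted root, or is served for the wrong host name is reported on the console and never reaches the channel. The following added example (not part of the original script) records the `SslPolicyErrors` that the validation callback receives and turns each result into an alert line that could be passed to `Send-SlackNotification`. `Get-CertState` and `Get-CertAlert` are hypothetical names, and the records at the bottom are constructed sample data so the triage logic can be run without network access.

```powershell
# Added example, not part of the original script. Get-CertState and Get-CertAlert
# are hypothetical names; the records at the bottom are constructed sample data.
$E = [System.Net.Security.SslPolicyErrors]

function Get-CertState {
    param([string]$HostName, [int]$Port = 443)
    $state = @{ Errors = $E::None }
    # Let the handshake finish so the certificate can be read, but record
    # what .NET found wrong with it instead of discarding that information.
    $check = { param($source, $certificate, $chain, $policyErrors)
        $state.Errors = $policyErrors
        $true }
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]$check.GetNewClosure()
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{ Host = $HostName; NotAfter = $cert.NotAfter; Errors = $state.Errors }
    } finally { $client.Close() }
}

function Get-CertAlert {
    param($State, [int]$WarningDays = 90, [datetime]$Now = (Get-Date))
    $days = [int][math]::Floor(($State.NotAfter - $Now).TotalDays)
    $problems = @()
    if ($days -lt 0) { $problems += "EXPIRED $(-$days) days ago" }
    elseif ($days -le $WarningDays) { $problems += "expires in $days days" }
    if ($State.Errors -band $E::RemoteCertificateNameMismatch) { $problems += "name does not match host" }
    if ($State.Errors -band $E::RemoteCertificateChainErrors) { $problems += "chain not trusted" }
    # Emit nothing for a healthy certificate, one line listing every problem otherwise
    if ($problems) { "$($State.Host): $($problems -join '; ')" }
}

# Constructed records standing in for Get-CertState results (fixed clock for repeatability)
$now = [datetime]'2024-06-01'
$samples = @(
    [pscustomobject]@{ Host = 'ok.example';      NotAfter = $now.AddDays(200); Errors = $E::None }
    [pscustomobject]@{ Host = 'soon.example';    NotAfter = $now.AddDays(21);  Errors = $E::None }
    [pscustomobject]@{ Host = 'expired.example'; NotAfter = $now.AddDays(-3);  Errors = $E::RemoteCertificateChainErrors }
    [pscustomobject]@{ Host = 'alias.example';   NotAfter = $now.AddDays(300); Errors = $E::RemoteCertificateNameMismatch }
)
$samples | ForEach-Object { Get-CertAlert -State $_ -Now $now }
```

Against live hosts, replace the sample records with `Get-CertState -HostName <host>` for each entry in the URL file; a host that cannot be reached throws, so wrap the call in `try`/`catch` and alert on that case as well.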

The Results

Finally you should be able to run your PowerShell Script and receive your alerts.  You should get a similar Slack alert:

And there you have it.  Simple SSL Expiration Alerts to your Slack Channel. 

Hope you find this helpful!