Index: openacs-4/packages/acs-admin/acs-admin.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-admin/acs-admin.info,v
diff -u -r1.57 -r1.58
--- openacs-4/packages/acs-admin/acs-admin.info 13 Jul 2018 11:37:58 -0000 1.57
+++ openacs-4/packages/acs-admin/acs-admin.info 27 Sep 2018 08:59:05 -0000 1.58
@@ -9,7 +9,7 @@ f t - + Don Baccus An interface for Site-wide administration of an OpenACS Installation. 2017-08-06
@@ -20,7 +20,7 @@ GPL 3 - +
@@ -30,7 +30,8 @@ - + +
Index: openacs-4/packages/acs-admin/tcl/acs-admin-init.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-admin/tcl/acs-admin-init.tcl,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/acs-admin/tcl/acs-admin-init.tcl 27 Sep 2018 08:59:05 -0000 1.1
@@ -0,0 +1,19 @@
+ad_library {
+
+ Automated functions for acs-admin
+
+ @author Gustaf Neumann
+ @creation-date 2018-08-15
+}
+
+#
+# Check, if certificates are running out (run this every night at 3am and 3 mins)
+#
+
+ad_schedule_proc -thread t -schedule_proc ns_schedule_daily [list 3 3] ::acs_admin::check_expired_certificates
+
+# Local variables:
+# mode: tcl
+# tcl-indent-level: 4
+# indent-tabs-mode: nil
+# End:
Index: openacs-4/packages/acs-admin/tcl/acs-admin-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-admin/tcl/acs-admin-procs.tcl,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/acs-admin/tcl/acs-admin-procs.tcl 27 Sep 2018 08:59:05 -0000 1.1
@@ -0,0 +1,88 @@
+ad_library {
+
+ Automated functions for acs-admin
+
+ @author Gustaf Neumann
+ @creation-date 2018-08-15
+}
+
+namespace eval acs_admin {
+
+ ad_proc ::acs_admin::check_expired_certificates {} {
+
+ Check expire-dates of certificates and send warning
+ emails to the admin. In case HTTPS is not configured via the
+ "nsssl" driver, or the command line tool "openssl" openssl is
+ installed, the proc does nothing. } {
+
+ set openssl [util::which openssl]
+ if {[info commands ns_driver] ne "" && $openssl ne ""} {
+ #
+ # Get certificates to check expire dates
+ #
+ set critCertInfo {}
+ foreach entry [ns_driver info] {
+ set module [dict get $entry module]
+ if {[dict get $entry type] eq "nsssl"} {
+ set server [dict get $entry server]
+ if {$server ne ""} {
+ set certfile [ns_config ns/server/$server/module/$module certificate]
+ } else {
+ set certfile [ns_config ns/module/$module certificate]
+ }
+ if {![info exists processed($certfile)]} {
+ #
+ # Check expiration of the certificate using the
+ # "openssl" command line tool.
+ #
+ set notAfter [exec openssl x509 -enddate -noout -in $certfile]
+ regexp {notAfter=(.*)$} $notAfter . date
+ set days [expr {([clock scan $date] - [clock seconds])/(60*60*24.0)}]
+ set info "Certificate $certfile will expire in [format %.1f $days] days"
+ ns_log notice "ssl: $info"
+ set warnInDays [parameter::get_from_package_key \
+ -package_key "acs-admin" \
+ -parameter ExpireCertificateWarningPeriod \
+ -default 30]
+ if {$warnInDays > -1 && $days < $warnInDays} {
+ lappend critCertInfo $info
+ }
+ set processed($certfile) 1
+ }
+ }
+ }
+ if {[llength $critCertInfo] > 0} {
+ set to_addr [parameter::get_from_package_key \
+ -package_key "acs-admin" \
+ -parameter ExpireCertificateEmail \
+ -default ""]
+ if {$to_addr eq ""} {
+ set to_addr [ad_host_administrator]
+ }
+ if {$to_addr ne ""} {
+ set body ""
+ if {[llength $critCertInfo] > 1} {
+ set certLabel "certificates"
+ } else {
+ set certLabel "certificate"
+ }
+ acs_mail_lite::send -send_immediately \
+ -to_addr $to_addr \
+ -from_addr [ad_system_owner] \
+ -subject "Certificate of [ad_system_name] expires soon" \
+ -body [append body \
+ "Dear Webmaster of [ad_system_name]," \n\n\
+ "The following $certLabel of your site will expire soon:\n\n" \
+ "- " [join $critCertInfo "\n- "] \n\n\
+ "Your friendly daemon" \n]
+ }
+ }
+ }
+ }
+}
+
+# Local variables:
+# mode: tcl
+# tcl-indent-level: 4
+# indent-tabs-mode: nil
+# End:
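Review bot: The `exec openssl x509 -enddate -noout -in $certfile` call inside the driver loop of `check_expired_certificates` is unguarded, so a missing, unreadable or unparsable certificate file raises an error that aborts the whole nightly run, and the remaining certificates are neither checked nor reported. The return value of `regexp` is also ignored; when the output does not match, `date` is either unset or still holds the value from the previous certificate, so a wrong expiry can be logged and mailed for this file. The path stored in `$openssl` is only tested for emptiness while `exec` resolves the bare name `openssl` through PATH again, so the check and the call may not refer to the same binary; use `exec $openssl`. The guarded version below marks the file as processed first so that a failing file is not retried for every driver that shares it. Separately, the docstring says the proc does nothing when `"openssl" openssl is installed`; it should read `or the command line tool "openssl" is not installed`.

```tcl
# … unchanged: driver loop and certfile lookup …
if {![info exists processed($certfile)]} {
    set processed($certfile) 1
    if {[catch {
        set notAfter [exec $openssl x509 -enddate -noout -in $certfile]
    } errorMsg]} {
        ns_log warning "ssl: cannot read expiry date of $certfile: $errorMsg"
        continue
    }
    if {![regexp {notAfter=(.*)$} $notAfter . date]} {
        ns_log warning "ssl: unexpected openssl output for $certfile: $notAfter"
        continue
    }
    # … unchanged: days computation, logging and warning threshold …
}
```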