#!/usr/bin/env bash
# zert-check — SSL-Zertifikate aller motocamp.de Subdomains prüfen

RED='\033[0;31m'
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
BOLD='\033[1m'
RESET='\033[0m'

DOMAINS=(
  motocamp.de
  www.motocamp.de
  dsm.motocamp.de
  akku.motocamp.de
  akkudb.motocamp.de
  audiobooks.motocamp.de
  bitwarden.motocamp.de
  calibre.motocamp.de
  docs.motocamp.de
  git.motocamp.de
  grafana.motocamp.de
  home.motocamp.de
  immich.motocamp.de
  iobroker.motocamp.de
  mealie.motocamp.de
  n8n.motocamp.de
  pairdrop.motocamp.de
  paperless.motocamp.de
)

printf "${BOLD}%-35s %-12s %-12s %s${RESET}\n" "Domain" "Läuft ab" "Tage" "Status"
printf '%0.s─' {1..70}; echo

TODAY=$(date +%s)

for domain in "${DOMAINS[@]}"; do
  result=$(echo | openssl s_client -connect "${domain}:443" -servername "$domain" 2>/dev/null \
    | openssl x509 -noout -enddate 2>/dev/null)

  if [[ -z "$result" ]]; then
    printf "%-35s ${RED}%-12s${RESET}\n" "$domain" "nicht erreichbar"
    continue
  fi

  enddate=$(echo "$result" | sed 's/notAfter=//')
  expiry_epoch=$(date -j -f "%b %d %T %Y %Z" "$enddate" +%s 2>/dev/null \
    || date -d "$enddate" +%s 2>/dev/null)

  days_left=$(( (expiry_epoch - TODAY) / 86400 ))
  expiry_fmt=$(date -j -f "%b %d %T %Y %Z" "$enddate" "+%d.%m.%Y" 2>/dev/null \
    || date -d "$enddate" "+%d.%m.%Y" 2>/dev/null)

  if (( days_left <= 7 )); then
    color=$RED
    status="KRITISCH"
  elif (( days_left <= 30 )); then
    color=$YELLOW
    status="bald fällig"
  else
    color=$GREEN
    status="ok"
  fi

  printf "%-35s ${color}%-12s %-12s %s${RESET}\n" \
    "$domain" "$expiry_fmt" "${days_left}d" "$status"
done
