Receiving alerts for domains that are about to expire

You can get an alert when a domain is about to expire (in 30 days) by using the WhoisXMLAPI.

Creating API key

• Create a user at WhoisXMLAPI
• Get your API key from menu/settings under general.
• Add the API Key replacing "API_FROM_WHOISXMLAPI" with the API at the script.
• Add 1 or more domains to monitor for expiration replacing domain1.com and/or domain2.com

Configuring EventSentry

• Under 'Tools > Embedded Scripts' click 'New' and then label this, 'DomainExpirationCheck.ps1' and in the 'Script Content' box add the code shown below.

Note: Also available in our github repository

# Define the API key at the beginning of the script for easy maintenance
$apiKey = "API_FROM_WHOISXMLAPI"

# List of domains to check
$domains = @("domain1.com", "domain2.com")
# Set a flag to track if any domain is about to expire
$aboutToExpire = $false

foreach ($domain in $domains) {
    $whoisApiUrl = "https://www.whoisxmlapi.com/whoisserver/WhoisService?apiKey=$apiKey&domainName=$domain&outputFormat=JSON"

    # Use Invoke-RestMethod to query the WHOIS API
    $response = Invoke-RestMethod -Uri $whoisApiUrl

    # Check for API error response
    if ($response.ErrorMessage) {
        Write-Output "ERROR: API Error for domain $domain : $($response.ErrorMessage.msg)"
        $aboutToExpire = $true
        continue
    }

    # Check if the API response contains the expiration date
    if ($response.WhoisRecord -and $response.WhoisRecord.expiresDate) {
        $expirationDate = $response.WhoisRecord.expiresDate
        $expirationDateTime = [datetime]::Parse($expirationDate)
        $daysUntilExpiration = ($expirationDateTime - (Get-Date)).Days

        # Check if the domain is less than 30 days from expiration
        if ($daysUntilExpiration -lt 30) {
            Write-Output "ERROR: Domain $domain is about to expire in $daysUntilExpiration days."
            $aboutToExpire = $true
        } else {
            Write-Output "OK: Domain $domain expires in $daysUntilExpiration days."
        }
    } else {
        Write-Output "Warning: No expiration information available for domain $domain (Domain is not fully supported by whoisxmlapi)"
        $noInfo = $true
    }
}

# Exit with error 1 if any domain is about to expire
if ($aboutToExpire) {
    exit 1
}
if ($noInfo) {
    exit 998
}

• In the 'Interpreter' field, select 'powershell.exe -inputformat none -file' from the drop-down and then click 'OK'

The script editor window should look similar to this:

• Under 'System Health Packages', create a new package (assign it accordingly to the machine you prefer to run in) and add an "Application Scheduler" object to it.
• Decide on a schedule for the script and select @DomainExpirationCheck.ps1' for the script name. Take into consideration that every query uses credits of the API.

• Under 'Event Logs', create a new package (assign it accordingly to the same machine that you assigned the script) and then add an inlcude filter that will look for the informational event 10200 logged by EventSentry, with the content filter containing *DomainExpirationCheck.ps1*NotAfter*. If no certificates have expired or are set to expire, the NotAfter will not be a part of the event, so this alert wont be triggered. Inside the "Actions" group add the desired Email action to get the notification.

Package should look like this:

• Save configuration, from the top menu, (1) click home (2) and the save (or save & deploy) icon.

If everything was correctly configured an alert will be triggered when the domain expires sooner than 30 days. This can also be modified by changing the line if ($daysUntilExpiration -lt 30) { replacing 30 with the number of days before the expiration.

When running PowerShell scripts, also ensure that the proper execution policy is set.