certificate_file_expiry: add pattern support for CERT env variable

plugins/ssl/certificate_file_expiry

@@ -18,7 +18,7 @@ For letsencrypt certificates
 
  [certificate_file_expiry]
  user root
- env.CERTS x509:/etc/letsencrypt/live/domain1.example.com/cert.pem x509:/etc/letsencrypt/live/domain2.example.com/cert.pem
+ env.CERTS x509:/etc/letsencrypt/live/*/cert.pem
 
 Warning and Critical levels can also be configured with env variables like this:
 
@@ -29,6 +29,14 @@ Warning and Critical levels can also be configured with env variables like this:
  # critical when certificate will be invalid within 1 day
  env.critical 1:
 
+env.CERTS should be a space separated list of patterns prefixed by the type of certificate to check and a colon. All types of
+certificates that openssl supports as standard commands and have a validity output are supported (e.g. x509, crl).
+File patterns can be a single file (e.g. /etc/openvpn/easy-rsa/keys/crl.pem) or a pattern that matches multiple files
+(e.g. /etc/letsencrypt/live/*/cert.pem).
+
+env.warning and env.critical are configurable values for the warning and critical levels according to
+http://munin-monitoring.org/wiki/fieldname.warning and http://munin-monitoring.org/wiki/fieldname.critical
+
 =head1 Dependencies
 
 Dependencies: openssl
@@ -57,7 +65,8 @@ warning=${warning:-5:}
 critical=${critical:-1:}
 for cert in ${CERTS}; do
   cert_type=${cert%:*}
-	cert_file=${cert#*:}
+  cert_pattern=${cert#*:}
+  for cert_file in $cert_pattern; do
     cert_name=$(clean_fieldname "$cert_file")
     if [ "$1" = "config" ] ; then
       echo "${cert_name}.label ${cert_file}"
@@ -71,4 +80,5 @@ for cert in ${CERTS}; do
       validity=$(echo "$validity" | awk '{ print ($1 / 86400) }')
       echo "${cert_name}.value $validity"
     fi
+  done
 done