#LastUpdate: 11:31 2017.03.20
###############################
# haproxy-checkconfig: print the HAProxy version, then run the binary's
# configuration check (-c) against the active config file.
# The exit status of the script is the exit status of the config check.
HAPROXY_BIN_FILE="/opt/setup/haproxy-1.6.7/haproxy"
#HAPROXY_CONFIG_FILE="/opt/script/haproxy.config/haproxy-ssl.cfg"
HAPROXY_CONFIG_FILE="/etc/haproxy/haproxy.cfg"
separator="###############################"

clear
printf '%s\n' "$separator"
"$HAPROXY_BIN_FILE" -v | grep version
printf '%s\n' "$separator"
printf '%s\n' "CHECK HAPROXY CONFIG: "
# -c only parses and validates the file; no listener is opened.
"$HAPROXY_BIN_FILE" -c -f "$HAPROXY_CONFIG_FILE"
#END
###################################
#/opt/script/haproxy-reload.sh
#Author: qwerty | tinhcx@gmail.com
#LastUpdate: #14:59 2017.08.16
###################################
#/opt/setup/haproxy-1.6.7/haproxy -f /etc/haproxy/haproxy.cfg
# /opt/setup/haproxy-1.6.7/haproxy \
# -f /etc/haproxy/haproxy_global.cfg \
# -f /etc/haproxy/haproxy_http.cfg \
# -f /etc/haproxy/haproxy_stats.cfg \
# -D -p /var/run/haproxy-1.6.7.pid -sf $(cat /var/run/haproxy-1.6.7.pid) \
# -- /etc/haproxy/users/*
###HAPROXY: haproxy-restart.sh | haproxy-reload.sh | haproxy-stop.sh | haproxy-checkconfig.sh
###################################CONTENT:BEGIN
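# haproxy-reload: start a new HAProxy process and ask the old one(s), named
# in the pid file, to finish their connections and exit (-sf).
# The config is validated first so a broken file is reported before any
# process is signalled, and a missing pid file no longer produces a bare -sf.
HAPROXY_BIN_FILE="/opt/setup/haproxy-1.6.7/haproxy"
HAPROXY_CONFIG_FILE="/etc/haproxy/haproxy.cfg"
HAPROXY_PID_FILE="/var/run/haproxy.pid"

echo "#################################"
echo "HAPROXY: CURRENT PID:"
netstat -ntlup | grep -E "PID|LISTEN" | sort -t: -k2 -n | grep -E "PID|haproxy"
echo "#################################"

# Refuse to reload on a config that does not parse.
if ! "$HAPROXY_BIN_FILE" -c -f "$HAPROXY_CONFIG_FILE"; then
  echo "[ERROR] invalid config [$HAPROXY_CONFIG_FILE]; reload skipped" >&2
  exit 1
fi

echo "HAPROXY: RELOAD..."
sleep 3
#
old_pids=""
if [ -r "$HAPROXY_PID_FILE" ]; then
  old_pids=$(cat "$HAPROXY_PID_FILE")
fi
#$HAPROXY_BIN_FILE -v | grep version
if [ -n "$old_pids" ]; then
  echo "$HAPROXY_BIN_FILE -f $HAPROXY_CONFIG_FILE -p $HAPROXY_PID_FILE -sf $old_pids"
  # $old_pids is left unquoted on purpose: the pid file may list several
  # pids, one per line, and each must reach -sf as its own argument.
  # shellcheck disable=SC2086
  "$HAPROXY_BIN_FILE" -f "$HAPROXY_CONFIG_FILE" -p "$HAPROXY_PID_FILE" -sf $old_pids
else
  # No readable pid file: nothing to hand over from, so just start.
  echo "$HAPROXY_BIN_FILE -f $HAPROXY_CONFIG_FILE -p $HAPROXY_PID_FILE"
  "$HAPROXY_BIN_FILE" -f "$HAPROXY_CONFIG_FILE" -p "$HAPROXY_PID_FILE"
fi
#
echo "#################################"
echo "HAPROXY: NEW PID:"
netstat -ntlup | grep -E "PID|LISTEN" | sort -t: -k2 -n | grep -E "PID|haproxy"
echo "#################################"
ps aux | grep -E "PID|haproxy"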
###################################CONTENT:END
#/opt/script/haproxy-restart.sh
#LastUpdate: #16:29 2017.07.25
###############################
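# haproxy-restart: hard restart. Whatever holds the listed TCP ports is
# killed, then a fresh HAProxy is started from the config file.
# The config check now runs BEFORE the kill: with the original order an
# invalid config was only discovered after the running proxy was gone.
HAPROXY_BIN_FILE="/opt/setup/haproxy-1.6.7/haproxy"
#HAPROXY_CONFIG_FILE="/opt/script/haproxy.config/haproxy-ssl.cfg"
HAPROXY_CONFIG_FILE="/etc/haproxy/haproxy.cfg"

echo "###############################"
echo "HAPROXY CURRENT PID: "
netstat -ntlup | sort -t: -k2 -n | grep -E "PID|haproxy"
echo "###############################"
"$HAPROXY_BIN_FILE" -v | grep version
echo "###############################"
echo "CHECK HAPROXY CONFIG: "
if ! "$HAPROXY_BIN_FILE" -c -f "$HAPROXY_CONFIG_FILE"; then
  echo "[ERROR] invalid config [$HAPROXY_CONFIG_FILE]; running instances left untouched" >&2
  exit 1
fi
echo ""
echo "###############################"
echo "KILL HAPROXY EXISTED INSTANCES:"
#netstat-status.sh | grep haproxy | awk '{print $2}' | xargs kill -9
#/sbin/fuser -k 80/tcp
# fuser -k signals every process using the port, whether or not it is
# haproxy, and does so without a graceful drain.
# NOTE(review): the haproxy.cfg on this page binds 1235, which is not in
# this list, while 1234 is -- confirm the intended port set.
for port in 80 443 1234 6677 6996 8668 8686; do
  fuser -k "${port}/tcp"
done
#sleep 5
echo "###############################"
echo "RESTART HAPROXY:"
"$HAPROXY_BIN_FILE" -f "$HAPROXY_CONFIG_FILE"
sleep 5
echo ""
echo ""
echo "###############################"
echo "HAPROXY NEW PID: "
netstat -ntlup | grep -E "PID|haproxy"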
#END
#/opt/script/haproxy-stop.sh
#LastUpdate: 9:28 2016.12.14
###############################
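# haproxy-stop: kill whatever is listening on the proxy's TCP ports and show
# the listener table before and after.
# Fix: the last port was written "8686/tc", which fuser does not accept as a
# tcp port spec, so that port was never released.
HAPROXY_BIN_FILE="/opt/setup/haproxy-1.6.7/haproxy"
#HAPROXY_CONFIG_FILE="/opt/script/haproxy.config/haproxy-ssl.cfg"
HAPROXY_CONFIG_FILE="/etc/haproxy/haproxy.cfg"

echo "###############################"
echo "HAPROXY CURRENT PID: "
netstat -ntlup | sort -t: -k2 -n | grep -E "PID|haproxy"
echo "###############################"
echo "KILL HAPROXY EXISTED INSTANCES:"
#netstat-status.sh | grep haproxy | awk '{print $2}' | xargs kill -9
# fuser -k signals every process using the port, not only haproxy.
# NOTE(review): the haproxy.cfg on this page binds 1235, which is not in
# this list, while 1234 is -- confirm the intended port set.
for port in 80 443 1234 6677 6996 8668 8686; do
  fuser -k "${port}/tcp"
done
echo ""
echo ""
echo "###############################"
echo "HAPROXY NEW PID: "
netstat -ntlup | grep -E "PID|haproxy"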
#END
#####################################
#/etc/haproxy/haproxy.cfg
#LastUpdate: #14:13 2017.06.29
#####################################
###HAPROXY: haproxy-restart.sh | haproxy-reload.sh | haproxy-stop.sh | haproxy-checkconfig.sh
#HAPROXY_BIN_img="/opt/setup/haproxy-1.6.7/haproxy"
#HAPROXY_CONFIG_img="/etc/haproxy/haproxy.cfg"
#####################################
#groupadd -g 3003 haproxy
#useradd -u 3003 -s /bin/false -d /bin/null -c "haproxy USER" -g haproxy haproxy
#fuser: command not found
#apt install psmisc
# example.com, file.example.com, upload.example.com, www.example.com, m.example.com, beta.example.com, img.example.com
#####################################
# Process-wide settings: syslog target, chroot jail, pid file, connection cap,
# the unprivileged user/group the process runs as, and daemon mode.
global
log 127.0.0.1 local2
# chroot plus a dedicated user/group limits what the worker can reach on disk.
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
#Turn on stats unix socket:
#stats socket /var/lib/haproxy/stats
#____________________________________
#____________________________________FOR_HTTPS_CONFIG:BEGIN
tune.ssl.default-dh-param 2048
# force-tlsv12 pins bind lines to TLS 1.2; no-tls-tickets turns off
# session tickets. With force-tlsv12 set, no-sslv3 adds nothing further.
ssl-default-bind-options force-tlsv12 no-sslv3 no-tls-tickets
#ssl-default-bind-options no-sslv3 no-tls-tickets
# NOTE(review): the list below still names DES-CBC3-SHA (3DES) and the broad
# AES / CAMELLIA groups, which include CBC suites without forward secrecy.
# Since only TLS 1.2 is accepted, the list could be cut down to the
# ECDHE/DHE GCM suites at its head once client compatibility is confirmed.
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
# Same options and cipher list, applied to TLS connections towards servers.
ssl-default-server-options force-tlsv12 no-sslv3 no-tls-tickets
#ssl-default-server-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
#____________________________________
#____________________________________FOR_HTTPS_CONFIG:END
#####################################
# Settings inherited by every frontend and backend that follows:
# HTTP mode, logging, timeouts, load-balancing default and the stats page.
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
# Adds X-Forwarded-For for all clients except loopback sources.
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
# NOTE(review): 120s to receive a full request and 1200s of keep-alive idle
# time let slow or idle clients hold connection slots for a long time;
# confirm these values are intentional.
timeout http-request 120s
timeout queue 1m
timeout connect 120s
timeout client 1m
timeout server 1m
timeout http-keep-alive 1200s
timeout check 10s
# NOTE(review): the global section caps the whole process at maxconn 4000,
# so this per-proxy value of 300000 cannot be reached.
maxconn 300000
balance roundrobin
# NOTE(review): enabling stats in defaults exposes the stats URI on every
# proxy that inherits it, including the plain-HTTP frontend on port 80,
# where the Basic-auth credentials below cross the network unencrypted.
# A dedicated listener bound to loopback or a management address keeps the
# page off the public ports.
stats enable
# With hide-version commented out the page discloses the HAProxy version.
#stats hide-version
stats uri /haproxy?stats
stats refresh 10s
stats realm Haproxy\ Statistics
# NOTE(review): both credentials sit in clear text in the config and are
# now published on this page; "u:p" is trivially guessable. Rotate them and
# keep the file readable by root only.
stats auth haproxy:1231234@Bds
stats auth u:p
#stats http-request
#1->2->3:
#####################################
#HTTP:
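# Plain-HTTP entry point on port 80. Requests are routed by the ACME
# challenge path or by the suffix of the Host header.
# Fix: use_backend rules are evaluated top to bottom and the first match
# wins. "beta.example.com" also ends with "example.com", so with the old
# order URL_ captured beta traffic and the source-IP whitelist in
# BE_URL_beta_ was never applied. The beta rule now precedes the general one.
frontend FRONTEND_80
    bind *:80
    # acl whitelist src -f /etc/haproxy/whitelist.lst
    # http-request deny if !whitelist
    # NOTE(review): reqadd appends a header; an X-Forwarded-Proto value sent
    # by the client is not removed first.
    reqadd X-Forwarded-Proto:\ http
    #Redirect all HTTP traffic to HTTPS:
    #redirect scheme https if !{ ssl_fc }
    #Redirect all HTTP traffic to HTTPS, but no "upload.xxx, apps.xxx":
    #redirect scheme https code 301 if { hdr(Host) -i <all subdomain but no "upload.xxx, apps.xxx"> } !{ ssl_fc }
    #redirect scheme https code 301 if !{ ssl_fc }
    #redirect prefix https://example.com code 301 if { hdr(host) -i www.example.com }
    #____________________________________
    #1: FRONTEND ACL:
    #SSL_RENEW:
    acl URL_LETSENCRYPT_ACL path_beg /.well-known/acme-challenge/
    # NOTE(review): hdr_end is a plain suffix match, so "example.com" also
    # matches any other host name that merely ends in those characters.
    acl URL_upload_ hdr_end(host) -i upload.example.com
    acl URL_img_ hdr_end(host) -i img.example.com file.example.com
    acl URL_ hdr_end(host) -i example.com m.example.com www.example.com
    acl URL_beta_ hdr_end(host) -i beta.example.com
    #____________________________________
    #2: USE BACKEND:
    #SSL_RENEW:
    # Most specific host rules first; the catch-all suffix rule goes last.
    use_backend BE_URL_LETSENCRYPT_ACL if URL_LETSENCRYPT_ACL
    use_backend BE_URL_upload_ if URL_upload_
    use_backend BE_URL_img_ if URL_img_
    use_backend BE_URL_beta_ if URL_beta_
    use_backend BE_URL_ if URL_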
#____________________________________
#3: BACKEND:
#SSL_RENEW:
# Backends for the port-80 frontend.
# ACME HTTP-01 challenges go to a local listener on 54321, the same port the
# renewal script on this page passes as --http-01-port.
backend BE_URL_LETSENCRYPT_ACL
server local_54321 127.0.0.1:54321
# "check" turns on health checks for the server line it is attached to.
backend BE_URL_upload_
balance roundrobin
server local.8081 127.0.0.1:8081 check
backend BE_URL_img_
balance roundrobin
server local.64280 127.0.0.1:64280 check
backend BE_URL_
balance roundrobin
server srv_windows x.x.x.x:80 check
# Beta site: requests are denied unless the source address is listed in
# whitelist.lst. The check lives in the backend, so it only protects traffic
# that the frontend actually routes here; a broader hdr_end rule placed
# earlier in the frontend can capture the same host first.
backend BE_URL_beta_
mode http
acl whitelist src -f /etc/haproxy/whitelist.lst
http-request deny if !whitelist
server srv_windows x.x.x.x:80 check
#10:00 2017.04.13
################
##__________FRONTEND_[INDO_BETA_1235]:BEGIN
#--------------------------------
#-----https://beta.example.com/
#--------------------------------
# TLS listener for the beta site on port 1235, with its single backend.
frontend FRONTEND_BETA_1235
# Response hardening headers: HSTS (one year, subdomains, preload),
# same-origin framing only, and no MIME sniffing.
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload
http-response set-header X-Frame-Options SAMEORIGIN
http-response set-header X-Content-Type-Options nosniff
#bind *:1235 ssl crt /etc/haproxy/certs/example.com.pem no-sslv3
# Certificates are taken from the crt-list file rather than a single PEM.
bind *:1235 ssl crt-list /etc/haproxy/crtlist.txt
option httpclose
option forwardfor
# NOTE(review): reqadd appends; a client-supplied X-Forwarded-Proto header
# is not stripped before this one is added.
reqadd X-Forwarded-Proto:\ https
default_backend BACKEND_FRONTEND_BETA
# Every request on this listener lands here, so the source-IP whitelist
# below applies to all of them.
backend BACKEND_FRONTEND_BETA
mode http
balance leastconn
acl whitelist src -f /etc/haproxy/whitelist.lst
http-request deny if !whitelist
server srv_windows x.x.x.x:1235 check
##__________FRONTEND_[INDO_BETA_1235]:END
#
#####################################
#HTTPS:
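# HTTPS entry point on port 443. Requests are routed by the ACME challenge
# path or by the suffix of the Host header.
# Fix: use_backend rules are evaluated top to bottom and the first match
# wins. "beta.example.com" also ends with "example.com", so with the old
# order URLS_ captured beta traffic and the source-IP whitelist in
# BE_URLS_beta_ was never applied. The beta rule now precedes the general one.
frontend FRONTEND_443
    # Response hardening headers: HSTS, same-origin framing, no MIME sniffing.
    http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload
    http-response set-header X-Frame-Options SAMEORIGIN
    http-response set-header X-Content-Type-Options nosniff
    #bind *:443 ssl crt /etc/haproxy/certs/example.com.pem no-sslv3
    bind *:443 ssl crt-list /etc/haproxy/crtlist.txt
    mode http
    # acl whitelist src -f /etc/haproxy/whitelist.lst
    # http-request deny if !whitelist
    option httpclose
    option forwardfor
    # NOTE(review): reqadd appends a header; an X-Forwarded-Proto value sent
    # by the client is not removed first.
    reqadd X-Forwarded-Proto:\ https
    redirect prefix https://example.com code 301 if { hdr(host) -i www.example.com }
    #1->2->3:
    #####################################
    #____________________________________
    #1: FRONTEND ACL:
    #SSL_RENEW:
    acl URLS_LETSENCRYPT_ACL path_beg /.well-known/acme-challenge/
    # NOTE(review): hdr_end is a plain suffix match, so "example.com" also
    # matches any other host name that merely ends in those characters.
    acl URLS_upload_ hdr_end(host) -i upload.example.com
    acl URLS_img_ hdr_end(host) -i img.example.com
    acl URLS_ hdr_end(host) -i example.com m.example.com
    acl URLS_beta_ hdr_end(host) -i beta.example.com
    #____________________________________
    #2: USE BACKEND:
    #SSL_RENEW:
    # Most specific host rules first; the catch-all suffix rule goes last.
    use_backend BE_URLS_LETSENCRYPT_ACL if URLS_LETSENCRYPT_ACL
    use_backend BE_URLS_upload_ if URLS_upload_
    use_backend BE_URLS_img_ if URLS_img_
    use_backend BE_URLS_beta_ if URLS_beta_
    use_backend BE_URLS_ if URLS_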
#____________________________________
#3: BACKEND:
#SSL_RENEW:
# Backends for the port-443 frontend. TLS ends at the frontend; the server
# lines below carry no "ssl" keyword, so the hop to each server is plain HTTP.
backend BE_URLS_LETSENCRYPT_ACL
server local_54321 127.0.0.1:54321
backend BE_URLS_upload_
balance roundrobin
server local.8081 127.0.0.1:8081 check
backend BE_URLS_img_
balance roundrobin
server local.64280 127.0.0.1:64280 check
backend BE_URLS_
balance roundrobin
server srv_windows x.x.x.x:80 check
# Beta site: requests are denied unless the source address is listed in
# whitelist.lst. The check lives in the backend, so it only protects traffic
# that the frontend actually routes here; a broader hdr_end rule placed
# earlier in the frontend can capture the same host first.
backend BE_URLS_beta_
acl whitelist src -f /etc/haproxy/whitelist.lst
http-request deny if !whitelist
server srv_windows x.x.x.x:80 check
#END
#/opt/script/le-renew-example.com.ini
#LastUpdate: #9:42 2017.08.04
###############################
#BEGIN
# This is an example of the kind of things you can do in a configuration file.
# All flags used by the client can be configured here. Run Let's Encrypt with
# "--help" to learn more about the available options.
#_____1. Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096
#_____2. Uncomment and update to register with the specified e-mail address
email = tinhcx@gmail.com
#_____3. Uncomment and update to generate certificates for the specified
#domains = example.com, www.example.com
# NOTE(review): the renewal script on this page cuts this line at the first
# comma, so only the first name is used for its certificate and PEM paths.
domains = example.com, cpanel.example.com, cpcalendars.example.com, cpcontacts.example.com, ftp.example.com, mail.example.com, webdisk.example.com, webmail.example.com, whm.example.com, www.example.com
# Uncomment to use a text interface instead of ncurses
# text = True
#_____4. Uncomment to use the standalone authenticator on port 443
#https://certbot.eff.org/docs/using.html#standalone
# authenticator = standalone
#TCP-443:
####
# NOTE(review): the renewal script on this page records the client reporting
# this flag as deprecated in favour of --preferred-challenges.
standalone-supported-challenges = http-01
#--preferred-challenges http to use port 80
#--preferred-challenges tls-sni to use port 443
#--preferred-challenges tls-sni = http-01
# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
# authenticator = webroot
# webroot-path = /usr/share/nginx/html
#END
#https://www.imagescape.com/blog/2016/11/08/letsencrypt-quick-setup/
#/opt/certbot-auto renew --text --no-self-upgrade > /var/log/letsencrypt_cron.log 2>&13
#!/bin/bash
#/opt/script/le-renew-example.com.sh
#LastUpdate: #9:45 2017.08.04
###########################################
####7za: COMPRESS: 7za a -mhe=on -p310212 <dest.7z> <src>
# EXTRACT : 7za x -mhe=on -p310212 <dest.7z>
#RENEW SSL CERT: T2-6h00, weekly:
#00 06 * * 1 /opt/script/le-renew-example.com.sh
###########################################
#/opt/setup/haproxy-1.6.7/haproxy -f /etc/haproxy/haproxy.cfg
###HAPROXY: haproxy-restart.sh | haproxy-reload.sh | haproxy-stop.sh | haproxy-checkconfig.sh
###########################################
# wget https://rhel6.iuscommunity.org/ius-release.rpm
# rpm -Uvh ius-release.rpm
# yum -y install epel-release
# yum -y --enablerepo=ius install git python27 python27-devel python27-pip python27-setuptools python27-virtualenv
# yum -y install git
#apt-get -y install git;git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
#cd /opt/letsencrypt;./letsencrypt-auto certonly --standalone
#yum -y install tree bc p7zip || ( apt-get -y install tree bc p7zip-full </dev/null )
#======================================
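# le-renew: back up the current Let's Encrypt and HAProxy trees, renew the
# certificate with the standalone authenticator on a local port, and rebuild
# the combined PEM (full chain + private key) that HAProxy loads.
#
# Changes against the earlier version of this script:
#   * the config file is checked before it is read for the domain name;
#   * an empty domain aborts instead of producing paths such as ".pem";
#   * a failed renewal aborts instead of reporting "CREATED SSL CERT";
#   * the combined PEM is written with the paths passed as arguments rather
#     than spliced into a "bash -c" string, under a restrictive umask.
SH_FILE_NAME="le-renew-example.com.sh"
CONFIG_FILE_NAME="le-renew-example.com.ini"
#======================================
config_file="/opt/script/$CONFIG_FILE_NAME"
web_service='haproxy'
http_01_port='54321'
le_path='/opt/letsencrypt'
# NOTE(review): Let's Encrypt certificates are issued for 90 days, so with a
# limit of 90 the "up to date" branch is effectively never taken and every
# run renews. A smaller value (for example 30) would make the check useful.
exp_limit=90

# Print the whole number of days until the certificate in $1 expires.
# The date is taken from the "Not After" line of the openssl text dump.
cert_days_left() {
  local not_after exp datenow
  not_after=$(openssl x509 -in "$1" -text -noout | grep "Not After" | cut -c 25-)
  exp=$(date -d "$not_after" +%s)
  datenow=$(date -d "now" +%s)
  echo \( $exp - $datenow \) / 86400 | bc
}

# The config file supplies the domain list; without it nothing below works.
if [ ! -f "$config_file" ]; then
  echo "[ERROR] config file does not exist: [$config_file]"
  echo ""
  echo ""
  sleep 5
  exit 1
fi

# First name on the "domains =" line (everything from the first comma on is cut).
domain=$(grep "^\s*domains" "$config_file" | sed "s/^\s*domains\s*=\s*//" | sed 's/(\s*)\|,.*$//')
if [ -z "$domain" ]; then
  echo "[ERROR] no domains entry found in [$config_file]" >&2
  exit 1
fi

# Free the local port used for the HTTP-01 challenge.
# fuser -k signals every process holding the port.
fuser -k "${http_01_port}/tcp"

now1="$(date +'%Y.%m.%d-%H.%M.%S.%6N')"
combined_file="/etc/haproxy/certs/${domain}.pem"
cert_file="/etc/letsencrypt/live/$domain/fullchain.pem"
key_file="/etc/letsencrypt/live/$domain/privkey.pem"

days_exp=$(cert_days_left "$cert_file")
echo "----------------------------------------------------"
echo "BEFORE: THOI HAN SU DUNG SSL CERT: [$days_exp] NGAY"
echo "----------------------------------------------------"
echo ""
sleep 5

#Backup current "HAPROXY", "LETSENCRYPT":
mkdir -p /opt/bk
cd /opt/bk || exit 1
#BACKUP : 7za a -mhe=on -p310212 letsencrypt-$(date +'%Y.%m.%d-%H.%M.%S.%3N').7z /etc/letsencrypt
#RESTORE: 7za x -mhe=on -p310212 letsencrypt-$now1.7z; cp -vR letsencrypt-$now1 /etc/
# NOTE(review): these archives contain the private keys, and the archive
# password is hard-coded here and passed on the command line, where it shows
# up in the process list. Keep it in a root-only file and restrict /opt/bk.
7za a -mhe=on -p310212 "letsencrypt-$now1.7z" /etc/letsencrypt > /opt/bk/null.log
7za a -mhe=on -p310212 "haproxy-$now1.7z" /etc/haproxy > /opt/bk/null.log
mkdir -p /etc/haproxy/bk
mkdir -p /etc/haproxy/certs/bk

#Backup current CERT before get new CERT:
cd /etc/haproxy/certs/ || exit 1
cp -vR "$domain.pem" "$domain.pem-bk-$(date +'%Y.%m.%d-%H.%M.%S.%3N')"

# Drop rotated client logs, then mark the start of this run in the live log.
rm -rf /var/log/letsencrypt/*.log.*
ls -lh /var/log/letsencrypt
LE_LOG=/var/log/letsencrypt/letsencrypt.log
echo "###################################" >> "$LE_LOG"
echo "###################################" >> "$LE_LOG"
now1="$(date +'%Y.%m.%d-%H.%M.%S.%6N')"
echo "RE-NEW SSL CERT BEGIN ON [$now1]" >> "$LE_LOG"
cd /etc/

echo "########################"
echo "CERT + KEY FILE: "
echo "cert_file: $cert_file"
echo "key_file : $key_file"
# A missing certificate is reported but, as before, is not fatal: the run
# continues into the expiry check below.
if [ ! -f "$cert_file" ]; then
  echo "[ERROR] certificate file not found for domain [$domain]."
  echo ""
  echo ""
  sleep 5
fi

days_exp=$(cert_days_left "$cert_file")
echo "Checking expiration date for [$domain]..."
echo ""
echo ""
sleep 5

if [ "$days_exp" -gt "$exp_limit" ]; then
  echo "The certificate is up to date, no need for renewal ($days_exp days left)."
  echo ""
  echo ""
  sleep 5
  exit 0
else
  echo "The certificate for [$domain] is about to expire soon. Starting Let's Encrypt (HAProxy:$http_01_port) renewal script..."
  if ! "$le_path/letsencrypt-auto" certonly --standalone --agree-tos --renew-by-default --config "$config_file" --http-01-port "$http_01_port"; then
    echo "[ERROR] renewal failed for [$domain]; [$combined_file] left unchanged" >&2
    exit 1
  fi
  #The standalone specific supported challenges flag is deprecated. Please use the --preferred-challenges flag instead.
  #Saving debug log to /var/log/letsencrypt/letsencrypt.log
  echo "Creating [$combined_file] with latest certs..."
  sleep 5
  # The paths travel as positional arguments, so nothing read from the config
  # file is ever parsed as shell code. umask 077 keeps a newly created PEM
  # (it holds the private key) unreadable by other users.
  sudo sh -c 'umask 077; cat -- "$1" "$2" > "$3"' sh "$cert_file" "$key_file" "$combined_file" || exit 1
  echo "----------------------------------------------------"
  echo "CREATED SSL CERT"
  echo "----------------------------------------------------"
  ls -lh "/etc/letsencrypt/live/$domain"
  echo "----------------------------------------------------"
  sleep 5
  #echo "Reloading [$web_service]"
  #/usr/sbin/service $web_service reload
  days_exp=$(cert_days_left "$cert_file")
  echo "----------------------------------------------------"
  echo "AFTER: THOI HAN SU DUNG SSL CERT: [$days_exp] NGAY"
  echo "----------------------------------------------------"
  sleep 5
  #tree /etc/letsencrypt
  ls -l /etc/haproxy/certs/
  # The reload calls stay commented out as in the original, so the new PEM
  # is on disk but a running HAProxy is not told to pick it up here.
  #RESTART HAPROXY?:
  #/opt/script/haproxy-restart.sh
  #/opt/script/haproxy-reload.sh
  echo "########################"
  echo "Renewal process finished for domain [$domain]"
  #Display expired date of new CERT:
  echo "==================================================="
  echo "VALIDATE TIME OF SSL CERT [$combined_file] :"
  openssl x509 -noout -dates -in "$combined_file"
  echo "==================================================="
  echo ""
  exit 0
fi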
#END
#
#
#/opt/script/le-expired-date-example.com.sh
#LastUpdate: #16:32 2017.07.24
############################################
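# le-expired-date: print the notBefore / notAfter dates of the combined PEM
# that HAProxy serves.
# The cd is now checked, so a missing certs directory stops the script
# instead of letting openssl look for the file in the caller's directory.
cd /etc/haproxy/certs/ || exit 1
SSL_FILE_NAME=example.com.pem
echo "###################################################"
echo "VALIDATE TIME OF SSL CERT [$SSL_FILE_NAME] :"
openssl x509 -noout -dates -in "$SSL_FILE_NAME"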
#END
#/etc/haproxy/crtlist.txt
#LastUpdate: #9:54 2017.07.24
###################################
# #HTTPS:
# frontend FRONTEND_443
# http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload
# http-response set-header X-Frame-Options SAMEORIGIN
# http-response set-header X-Content-Type-Options nosniff
# bind *:443 ssl crt-list /etc/haproxy/crtlist.txt
# mode http
# option httpclose
# option forwardfor
# reqadd X-Forwarded-Proto:\ https
###################################
#9:55 2017.07.24
/etc/haproxy/certs/example.com.pem
#----------------------------------#END
#/etc/haproxy/whitelist.lst
# backend BE_URL
# acl whitelist src -f /etc/haproxy/whitelist.lst
# http-request deny if !whitelist
# balance roundrobin
# server local.8081 127.0.0.1:8081 check
#LastUpdate: #9:33 2017.09.16
#################################
#____________________WHITELIST:BEGIN
#x.x.x.x/32
#____________________WHITELIST:END
#END
ssl_expied_date.sh
#/etc/haproxy/certs/ssl_expied_date.sh
#LastUpdate: #14:29 2018.07.26
########################################
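# ssl_expied_date: print the validity dates of every *.pem file in the
# HAProxy certs directory.
# The cd is checked, file names are quoted, and an unmatched glob (no .pem
# files at all) is skipped instead of being handed to openssl as "*.pem".
cd /etc/haproxy/certs/ || exit 1
######################
for var_temp in *.pem; do
  [ -e "$var_temp" ] || continue
  echo "_________________________"
  echo 'SSL CERT: ' "$var_temp:"
  openssl x509 -noout -dates -in "$var_temp"
done
echo "_________________________"
echo "#########################"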
#THE-END