PROBLEM SOLVING ON UNIX/LINUX SYSTEMS: LetsEncrypt SSL CERTIFICATE auto-renew

#/opt/script/haproxy-checkconfig.sh
#LastUpdate: 11:31 2017.03.20
###############################
HAPROXY_BIN_FILE="/opt/setup/haproxy-1.6.7/haproxy"

#HAPROXY_CONFIG_FILE="/opt/script/haproxy.config/haproxy-ssl.cfg"
HAPROXY_CONFIG_FILE="/etc/haproxy/haproxy.cfg"
clear
echo "###############################"
$HAPROXY_BIN_FILE -v | grep version
echo "###############################"
echo "CHECK HAPROXY CONFIG: "
$HAPROXY_BIN_FILE -c -f $HAPROXY_CONFIG_FILE
#END

###################################
#/opt/script/haproxy-reload.sh
#Author: qwerty | tinhcx@gmail.com
#LastUpdate: #14:59 2017.08.16
###################################
#/opt/setup/haproxy-1.6.7/haproxy -f /etc/haproxy/haproxy.cfg
# /opt/setup/haproxy-1.6.7/haproxy \
# -f /etc/haproxy/haproxy_global.cfg \
# -f /etc/haproxy/haproxy_http.cfg \
# -f /etc/haproxy/haproxy_stats.cfg \
# -D -p /var/run/haproxy-1.6.7.pid -sf $(cat /var/run/haproxy-1.6.7.pid) \
# -- /etc/haproxy/users/*

###HAPROXY: haproxy-restart.sh | haproxy-reload.sh | haproxy-stop.sh | haproxy-checkconfig.sh

###################################CONTENT:BEGIN
echo "#################################"
echo "HAPROXY: CURRENT PID:"
netstat -ntlup| egrep "PID|LISTEN" | sort -t: -k2 -n | egrep "PID|haproxy"

echo "#################################"
echo "HAPROXY: RELOAD..."
sleep 3
#
HAPROXY_BIN_FILE="/opt/setup/haproxy-1.6.7/haproxy"
HAPROXY_CONFIG_FILE="/etc/haproxy/haproxy.cfg"
HAPROXY_PID_FILE="/var/run/haproxy.pid"

#$HAPROXY_BIN_FILE -v | grep version
echo "$HAPROXY_BIN_FILE -f $HAPROXY_CONFIG_FILE -p $HAPROXY_PID_FILE -sf $(cat $HAPROXY_PID_FILE)"
$HAPROXY_BIN_FILE -f $HAPROXY_CONFIG_FILE -p $HAPROXY_PID_FILE -sf $(cat $HAPROXY_PID_FILE)
#
echo "#################################"
echo "HAPROXY: NEW PID:"
netstat -ntlup| egrep "PID|LISTEN" | sort -t: -k2 -n | egrep "PID|haproxy"

echo "#################################"
ps aux | egrep "PID|haproxy"
###################################CONTENT:END

#/opt/script/haproxy-restart.sh
#LastUpdate: #16:29 2017.07.25
###############################
HAPROXY_BIN_FILE="/opt/setup/haproxy-1.6.7/haproxy"

#HAPROXY_CONFIG_FILE="/opt/script/haproxy.config/haproxy-ssl.cfg"
HAPROXY_CONFIG_FILE="/etc/haproxy/haproxy.cfg"

echo "###############################"
echo "HAPROXY CURRENT PID: "
netstat -ntlup | sort -t: -k2 -n | egrep "PID|haproxy"

echo "###############################"
echo "KILL HAPROXY EXISTED INSTANCES:"
#netstat-status.sh | grep haproxy | awk '{print $2}' | xargs kill -9
#/sbin/fuser -k 80/tcp
fuser -k 80/tcp
fuser -k 443/tcp
fuser -k 1234/tcp
fuser -k 6677/tcp
fuser -k 6996/tcp
fuser -k 8668/tcp
fuser -k 8686/tcp

#sleep 5
echo "###############################"
$HAPROXY_BIN_FILE -v | grep version
echo "###############################"
echo "CHECK HAPROXY CONFIG: "
$HAPROXY_BIN_FILE -c -f $HAPROXY_CONFIG_FILE

echo ""
echo "###############################"
echo "RESTART HAPROXY:"
$HAPROXY_BIN_FILE -f $HAPROXY_CONFIG_FILE

sleep 5
echo ""
echo ""
echo "###############################"
echo "HAPROXY NEW PID: "
netstat -ntlup | egrep "PID|haproxy"
#END

#/opt/script/haproxy-stop.sh
#LastUpdate: 9:28 2016.12.14
###############################
HAPROXY_BIN_FILE="/opt/setup/haproxy-1.6.7/haproxy"

#HAPROXY_CONFIG_FILE="/opt/script/haproxy.config/haproxy-ssl.cfg"
HAPROXY_CONFIG_FILE="/etc/haproxy/haproxy.cfg"

echo "###############################"
echo "HAPROXY CURRENT PID: "
netstat -ntlup | sort -t: -k2 -n | egrep "PID|haproxy"

echo "###############################"
echo "KILL HAPROXY EXISTED INSTANCES:"
#netstat-status.sh | grep haproxy | awk '{print $2}' | xargs kill -9
fuser -k 80/tcp
fuser -k 443/tcp
fuser -k 1234/tcp
fuser -k 6677/tcp
fuser -k 6996/tcp
fuser -k 8668/tcp
fuser -k 8686/tc

echo ""
echo ""
echo "###############################"
echo "HAPROXY NEW PID: "
netstat -ntlup | egrep "PID|haproxy"
#END

#####################################
#/etc/haproxy/haproxy.cfg
#LastUpdate: #14:13 2017.06.29
#####################################
###HAPROXY: haproxy-restart.sh | haproxy-reload.sh | haproxy-stop.sh | haproxy-checkconfig.sh
#HAPROXY_BIN_img="/opt/setup/haproxy-1.6.7/haproxy"
#HAPROXY_CONFIG_img="/etc/haproxy/haproxy.cfg"
#####################################
#groupadd -g 3003 haproxy
#useradd -u 3003 -s /bin/false -d /bin/null -c "haproxy USER" -g haproxy haproxy

#fuser: command not found
#apt install psmisc

# example.com, file.example.com, upload.example.com, www.example.com, m.example.com, beta.example.com, img.example.com
#####################################
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
#Turn on stats unix socket:
#stats socket /var/lib/haproxy/stats

#____________________________________
#____________________________________FOR_HTTPS_CONFIG:BEGIN
tune.ssl.default-dh-param 2048

ssl-default-bind-options force-tlsv12 no-sslv3 no-tls-tickets
#ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

ssl-default-server-options force-tlsv12 no-sslv3 no-tls-tickets
#ssl-default-server-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
#____________________________________
#____________________________________FOR_HTTPS_CONFIG:END
#####################################
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 120s
timeout queue 1m
timeout connect 120s
timeout client 1m
timeout server 1m
timeout http-keep-alive 1200s
timeout check 10s
maxconn 300000
balance roundrobin
stats enable
#stats hide-version
stats uri /haproxy?stats
stats refresh 10s
stats realm Haproxy\ Statistics
stats auth haproxy:1231234@Bds
stats auth u:p
#stats http-request

#1->2->3:
#####################################
#HTTP:
frontend FRONTEND_80
bind *:80

# acl whitelist src -f /etc/haproxy/whitelist.lst
# http-request deny if !whitelist

reqadd X-Forwarded-Proto:\ http

#Redirect all HTTP traffic to HTTPS:
#redirect scheme https if !{ ssl_fc }

#Redirect all HTTP traffic to HTTPS, but no "upload.xxx, apps.xxx":
#redirect scheme https code 301 if { hdr(Host) -i <all subdomain but no "upload.xxx, apps.xxx"> } !{ ssl_fc }

#redirect scheme https code 301 if !{ ssl_fc }
#redirect prefix https://example.com code 301 if { hdr(host) -i www.example.com }

#____________________________________
#1: FRONTEND ACL:
#SSL_RENEW:
acl URL_LETSENCRYPT_ACL path_beg /.well-known/acme-challenge/

acl URL_upload_ hdr_end(host) -i upload.example.com
acl URL_img_ hdr_end(host) -i img.example.com file.example.com
acl URL_ hdr_end(host) -i example.com m.example.com www.example.com
acl URL_beta_ hdr_end(host) -i beta.example.com

#____________________________________
#2: USE BACKEND:
#SSL_RENEW:
use_backend BE_URL_LETSENCRYPT_ACL if URL_LETSENCRYPT_ACL

use_backend BE_URL_upload_ if URL_upload_
use_backend BE_URL_img_ if URL_img_
use_backend BE_URL_ if URL_
use_backend BE_URL_beta_ if URL_beta_

#____________________________________
#3: BACKEND:
#SSL_RENEW:
backend BE_URL_LETSENCRYPT_ACL
server local_54321 127.0.0.1:54321

backend BE_URL_upload_
balance roundrobin
server local.8081 127.0.0.1:8081 check
backend BE_URL_img_
balance roundrobin
server local.64280 127.0.0.1:64280 check
backend BE_URL_
balance roundrobin
server srv_windows x.x.x.x:80 check
backend BE_URL_beta_
mode http
acl whitelist src -f /etc/haproxy/whitelist.lst
http-request deny if !whitelist
server srv_windows x.x.x.x:80 check




#10:00 2017.04.13
################
##__________FRONTEND_[INDO_BETA_1235]:BEGIN
#--------------------------------
#-----https://beta.example.com/
#--------------------------------
frontend FRONTEND_BETA_1235
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload
http-response set-header X-Frame-Options SAMEORIGIN
http-response set-header X-Content-Type-Options nosniff

#bind *:1235 ssl crt /etc/haproxy/certs/example.com.pem no-sslv3
bind *:1235 ssl crt-list /etc/haproxy/crtlist.txt

option httpclose
option forwardfor
reqadd X-Forwarded-Proto:\ https
default_backend BACKEND_FRONTEND_BETA

backend BACKEND_FRONTEND_BETA
mode http
balance leastconn
acl whitelist src -f /etc/haproxy/whitelist.lst
http-request deny if !whitelist
server srv_windows x.x.x.x:1235 check
##__________FRONTEND_[INDO_BETA_1235]:END
#


#####################################
#HTTPS:
frontend FRONTEND_443
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload
http-response set-header X-Frame-Options SAMEORIGIN
http-response set-header X-Content-Type-Options nosniff

#bind *:443 ssl crt /etc/haproxy/certs/example.com.pem no-sslv3
bind *:443 ssl crt-list /etc/haproxy/crtlist.txt
mode http
# acl whitelist src -f /etc/haproxy/whitelist.lst
# http-request deny if !whitelist
option httpclose
option forwardfor
reqadd X-Forwarded-Proto:\ https

redirect prefix https://example.com code 301 if { hdr(host) -i www.example.com }

#1->2->3:
#####################################
#____________________________________
#1: FRONTEND ACL:
#SSL_RENEW:
acl URLS_LETSENCRYPT_ACL path_beg /.well-known/acme-challenge/

acl URLS_upload_ hdr_end(host) -i upload.example.com
acl URLS_img_ hdr_end(host) -i img.example.com
acl URLS_ hdr_end(host) -i example.com m.example.com
acl URLS_beta_ hdr_end(host) -i beta.example.com
#____________________________________
#2: USE BACKEND:
#SSL_RENEW:
use_backend BE_URLS_LETSENCRYPT_ACL if URLS_LETSENCRYPT_ACL

use_backend BE_URLS_upload_ if URLS_upload_
use_backend BE_URLS_img_ if URLS_img_
use_backend BE_URLS_ if URLS_
use_backend BE_URLS_beta_ if URLS_beta_

#____________________________________
#3: BACKEND:
#SSL_RENEW:
backend BE_URLS_LETSENCRYPT_ACL
server local_54321 127.0.0.1:54321

backend BE_URLS_upload_
balance roundrobin
server local.8081 127.0.0.1:8081 check
backend BE_URLS_img_
balance roundrobin
server local.64280 127.0.0.1:64280 check
backend BE_URLS_
balance roundrobin
server srv_windows x.x.x.x:80 check
backend BE_URLS_beta_
acl whitelist src -f /etc/haproxy/whitelist.lst
http-request deny if !whitelist
server srv_windows x.x.x.x:80 check
#END

#/opt/script/le-renew-example.com.ini
#LastUpdate: #9:42 2017.08.04
###############################
#BEGIN
# This is an example of the kind of things you can do in a configuration file.
# All flags used by the client can be configured here. Run Let's Encrypt with
# "--help" to learn more about the available options.

#_____1. Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096

#_____2. Uncomment and update to register with the specified e-mail address
email = tinhcx@gmail.com

#_____3. Uncomment and update to generate certificates for the specified
#domains = example.com, www.example.com
domains = example.com, cpanel.example.com, cpcalendars.example.com, cpcontacts.example.com, ftp.example.com, mail.example.com, webdisk.example.com, webmail.example.com, whm.example.com, www.example.com

# Uncomment to use a text interface instead of ncurses
# text = True

#_____4. Uncomment to use the standalone authenticator on port 443
#https://certbot.eff.org/docs/using.html#standalone
# authenticator = standalone
#TCP-443:
####
standalone-supported-challenges = http-01
#--preferred-challenges http to use port 80
#--preferred-challenges tls-sni to use port 443
#--preferred-challenges tls-sni = http-01

# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
# authenticator = webroot
# webroot-path = /usr/share/nginx/html
#END

#https://www.imagescape.com/blog/2016/11/08/letsencrypt-quick-setup/
#/opt/certbot-auto renew --text --no-self-upgrade > /var/log/letsencrypt_cron.log 2>&13

#!/bin/bash
#/opt/script/le-renew-example.com.sh
#LastUpdate: #9:45 2017.08.04
###########################################
####7za: COMPRESS: 7za a -mhe=on -p310212 <dest.7z> <src>
# EXTRACT : 7za x -mhe=on -p310212 <dest.7z>

#RENEW SSL CERT: T2-6h00, weekly:
#00 06 * * 1 /opt/script/le-renew-example.com.sh

###########################################
#/opt/setup/haproxy-1.6.7/haproxy -f /etc/haproxy/haproxy.cfg
###HAPROXY: haproxy-restart.sh | haproxy-reload.sh | haproxy-stop.sh | haproxy-checkconfig.sh
###########################################
# wget https://rhel6.iuscommunity.org/ius-release.rpmrpm -Uvh ius-release.rpm
# yum -y install epel-release
# yum -y --enablerepo=ius install git python27 python27-devel python27-pip python27-setuptools python27-virtualenv
# yum -y install git

#apt-get -y install git;git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
#cd /opt/letsencrypt;./letsencrypt-auto certonly --standalone

#yum -y install tree bc p7zip || ( apt-get -y install tree bc p7zip-full </dev/null )

#======================================
SH_FILE_NAME="le-renew-example.com.sh"
CONFIG_FILE_NAME="le-renew-example.com.ini"
#======================================

fuser -k 54321/tcp
config_file="/opt/script/$CONFIG_FILE_NAME"
now1="$(date +'%Y.%m.%d-%H.%M.%S.%6N')"
web_service='haproxy'
domain=`grep "^\s*domains" $config_file | sed "s/^\s*domains\s*=\s*//" | sed 's/(\s*)\|,.*$//'`
http_01_port='54321'
combined_file="/etc/haproxy/certs/${domain}.pem"
le_path='/opt/letsencrypt'
exp_limit=90;

cert_file="/etc/letsencrypt/live/$domain/fullchain.pem"
key_file="/etc/letsencrypt/live/$domain/privkey.pem"
exp=$(date -d "`openssl x509 -in $cert_file -text -noout|grep "Not After"|cut -c 25-`" +%s)
datenow=$(date -d "now" +%s)
days_exp=$(echo $ $exp - $datenow $ / 86400 |bc)
echo "----------------------------------------------------"
echo "BEFORE: THOI HAN SU DUNG SSL CERT: [$days_exp] NGAY"
echo "----------------------------------------------------"
echo ""
sleep 5

#Backup current "HAPROXY", "LETSENCRYPT":
mkdir -p /opt/bk; cd /opt/bk;
#BACKUP : 7za a -mhe=on -p310212 letsencrypt-$(date +'%Y.%m.%d-%H.%M.%S.%3N').7z /etc/letsencrypt
#RESTORE: 7za x -mhe=on -p310212 letsencrypt-$now1.7z; cp -vR letsencrypt-$now1 /etc/
7za a -mhe=on -p310212 letsencrypt-$now1.7z /etc/letsencrypt > /opt/bk/null.log
7za a -mhe=on -p310212 haproxy-$now1.7z /etc/haproxy > /opt/bk/null.log

mkdir -p /etc/haproxy/bk
mkdir -p /etc/haproxy/certs/bk
#Backup current CERT before get new CERT:
cd /etc/haproxy/certs/
cp -vR $domain.pem $domain.pem-bk-$(date +'%Y.%m.%d-%H.%M.%S.%3N')

rm -rf /var/log/letsencrypt/*.log.*
ls -lh /var/log/letsencrypt

LE_LOG=/var/log/letsencrypt/letsencrypt.log
echo "###################################" >> $LE_LOG
echo "###################################" >> $LE_LOG
now1="$(date +'%Y.%m.%d-%H.%M.%S.%6N')"
echo "RE-NEW SSL CERT BEGIN ON [$now1]" >> $LE_LOG

cd /etc/
#rm -rf letsencrypt/archive
#rm -rf letsencrypt/live
#rm -rf letsencrypt/csr
#rm -rf letsencrypt/keys
#rm -rf letsencrypt/renewal
#rm -rf letsencrypt

if [ ! -f $config_file ]; then
echo "[ERROR] config file does not exist: [$config_file]"
echo ""
echo ""
sleep 5
exit 1;
fi

#cert_file="/etc/letsencrypt/live/$domain/fullchain.pem"
#key_file="/etc/letsencrypt/live/$domain/privkey.pem"

echo "########################"
echo "CERT + KEY FILE: "
echo "cert_file: $cert_file"
echo "key_file : $key_file"

if [ ! -f $cert_file ]; then
echo "[ERROR] certificate file not found for domain [$domain]."
echo ""
echo ""
sleep 5
fi

exp=$(date -d "`openssl x509 -in $cert_file -text -noout|grep "Not After"|cut -c 25-`" +%s)
datenow=$(date -d "now" +%s)
days_exp=$(echo $ $exp - $datenow $ / 86400 |bc)
echo "Checking expiration date for [$domain]..."
echo ""
echo ""
sleep 5

if [ "$days_exp" -gt "$exp_limit" ]; then
echo "The certificate is up to date, no need for renewal ($days_exp days left)."
echo ""
echo ""
sleep 5
exit 0;
else
echo "The certificate for [$domain] is about to expire soon. Starting Let's Encrypt (HAProxy:$http_01_port) renewal script..."
$le_path/letsencrypt-auto certonly --standalone --agree-tos --renew-by-default --config $config_file --http-01-port $http_01_port
#The standalone specific supported challenges flag is deprecated. Please use the --preferred-challenges flag instead.
#Saving debug log to /var/log/letsencrypt/letsencrypt.log

echo "Creating [$combined_file] with latest certs..."
sleep 5
sudo bash -c "cat /etc/letsencrypt/live/$domain/fullchain.pem /etc/letsencrypt/live/$domain/privkey.pem > $combined_file"

echo "----------------------------------------------------"
echo "CREATED SSL CERT"
echo "----------------------------------------------------"
ls -lh /etc/letsencrypt/live/$domain
echo "----------------------------------------------------"
sleep 5

#cd /etc/letsencrypt/live/$domain
#cat fullchain.pem privkey.pem > $domain.pem
#echo "########################"
#echo "Reloading [$web_service]"
#sleep 5
#/usr/sbin/service $web_service reload

exp=$(date -d "`openssl x509 -in $cert_file -text -noout|grep "Not After"|cut -c 25-`" +%s)
datenow=$(date -d "now" +%s)
days_exp=$(echo $ $exp - $datenow $ / 86400 |bc)
echo "----------------------------------------------------"
echo "AFTER: THOI HAN SU DUNG SSL CERT: [$days_exp] NGAY"
echo "----------------------------------------------------"
sleep 5
#tree /etc/letsencrypt
ls -l /etc/haproxy/certs/

#RESTART HAPROXY?:
#/opt/script/haproxy-restart.sh
#/opt/script/haproxy-reload.sh

echo "########################"
echo "Renewal process finished for domain [$domain]"

#Display expired date of new CERT:
echo "==================================================="
echo "VALIDATE TIME OF SSL CERT [$combined_file] :"
openssl x509 -noout -dates -in $combined_file
echo "==================================================="
echo ""

exit 0;
fi
#END
#
#

#/opt/script/le-expired-date-example.com.sh
#LastUpdate: #16:32 2017.07.24
############################################
cd /etc/haproxy/certs/

SSL_FILE_NAME=example.com.pem

echo "###################################################"
echo "VALIDATE TIME OF SSL CERT [$SSL_FILE_NAME] :"
openssl x509 -noout -dates -in $SSL_FILE_NAME

#END

#/etc/haproxy/crtlist.txt
#LastUpdate: #9:54 2017.07.24
###################################
# #HTTPS:
# frontend FRONTEND_443
# http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload
# http-response set-header X-Frame-Options SAMEORIGIN
# http-response set-header X-Content-Type-Options nosniff
# bind *:443 ssl crt-list /etc/haproxy/crtlist.txt
# mode http
# option httpclose
# option forwardfor
# reqadd X-Forwarded-Proto:\ https
###################################

#9:55 2017.07.24
/etc/haproxy/certs/example.com.pem
#----------------------------------#END

#/etc/haproxy/whitelist.lst
# backend BE_URL
# acl whitelist src -f /etc/haproxy/whitelist.lst
# http-request deny if !whitelist
# balance roundrobin
# server local.8081 127.0.0.1:8081 check
#LastUpdate: #9:33 2017.09.16
#################################
#____________________WHITELIST:BEGIN
#x.x.x.x/32
#____________________WHITELIST:END

#END

ssl_expied_date.sh

#/etc/haproxy/certs/ssl_expied_date.sh
#LastUpdate: #14:29 2018.07.26
########################################
cd /etc/haproxy/certs/
######################

for var_temp in *.pem;
do
echo "_________________________"
echo 'SSL CERT: ' $var_temp:
openssl x509 -noout -dates -in $var_temp

done
echo "_________________________"
echo "#########################"

#THE-END

PROBLEM SOLVING ON UNIX/LINUX SYSTEMS

2017-09-21

LetsEncrypt SSL CERTIFICATE auto-renew

No comments:

Post a Comment