List all certificates

Hi there,

Is there a way to list all certificates on the server? I see the virtualmin list-certs command ( https://www.virtualmin.com/documentation/developer/cli/list_certs ), but there seem to be no options to display or sort on the expiry dates. That's the key information for me, as I know that a bunch of renewals have failed (due to seeing the subject lines in my logs), but I don't know how to look them up en masse without bothering the user and asking them to tell me information that I don't know about my own server.

Thanks.

Craig

Status: 
Closed (fixed)
Virtualmin version: 
6.12
Webmin version: 
1.955

Comments

Ilia's picture
Submitted by Ilia on Tue, 09/29/2020 - 15:50

Hi,

We have virtualmin-get-domains-ssl-status.pl command that I created specifically for this single purpose - to display certificates expiration date on the console using a table like output.

Try

/usr/libexec/webmin/virtual-server/bin/virtualmin-get-domains-ssl-status.pl

Hi Ilia,

Thanks very much. That got me the information I was looking for. Although sort options would be nice. :)

Craig

Ilia's picture
Submitted by Ilia on Tue, 09/29/2020 - 16:58

Assigned: Unassigned ยป

Yes, it would. We will discuss with Jamie about adding it as part of virtualmin command.

I could add expiry dates and other information to the output from list-certs ?

Hi Jamie,

I presume that's what Ilia's suggesting, and it sounds good to me.

Craig

With both alphabetical and date sort options.

You could actually do this with a shell script already :

for dom in `virtualmin list-domains --with-feature ssl`; do
  virtualmin get-ssl --domain $dom
done

Thanks Jamie, but not nearly as neat and table-like as Ilia's script.

It also had a lot of extraneous output:

Virtual server Ltd. does not exist

Displays SSL certificate information for some domain.

virtualmin get-ssl --domain name

"Ltd." in this case being the third word of the virtual server's description, the other two words also generating the same output.

Sorry, I gave the script wrong. It should be :

for dom in `virtualmin list-domains --name-only --with-feature ssl`; do
  virtualmin get-ssl --domain $dom
done

Thanks. That works without errors.

Ilia's picture
Submitted by Ilia on Fri, 10/09/2020 - 03:43

but not nearly as neat and table-like as Ilia's script.

Yes, this is the reason why I implemented it in the first place.

I could pretty easily make this an API command, I think. I'll work on it.

Ilia's picture
Submitted by Ilia on Fri, 10/09/2020 - 10:33

Okay, I have added this functionality to the core Virtualmin API, with additional sorting capabilities based on selected column and rich domain matching:

list-certs-expiry.pl
    Output the certificates expiry date for matching or all existing virtual
    servers.

    This program can be used to print SSL expiry dates for all existing
    domains. The following output controls available :

    "--all-domains" All existing domains

    "--domain" Domain name or a regex to match

    "--sort" Select a column to sort on, either expiry date or domain name

    "--sort-order" Sort order applied to selected column, either ascending
    or descending

    Required Perl dependencies Text::ASCIITable and Time::Piece will be
    automatically installed if missing


Output the certificates expiry date for matching or all existing virtual servers.

virtualmin list-certs-expiry --all-domains | --domain regex
                            [--sort [expiry|name]
                            [--sort-order [asc|desc]

Example of usage:

virtualmin list-certs-expiry --all-domains --sort expiry --sort-order desc    # list all domains, with descending sorting on expiry column
virtualmin list-certs-expiry --domain 2$ --sort name --sort-order asc         # list all domains, ending with '2',  with ascending sorting on domain name column

Example of output

root@debug-ubuntu20-pro:~# virtualmin list-certs-expiry --all-domains --sort expiry --sort-order asc
.-------------------------------------------------------------------------------------------------.
|                                SSL CERTIFICATES EXPIRATION DATES                                |
+----------------------+-------------------------------------+--------------+------------+--------+
| DOMAIN NAME          | PATH TO CERTIFICATE FILE            | VALID UNTIL  | EXPIRES IN | STATUS |
+----------------------+-------------------------------------+--------------+------------+--------+
| debug-ubuntu20-pro-2 | /home/debug-ubuntu20-pro-2/ssl.cert | Nov 27, 2020 | 49 days    | VALID  |
| debug-ubuntu20-pro   | /home/debug-ubuntu20-pro/ssl.cert   | Jan 07, 2021 | 89 days    | VALID  |
| debug-ubuntu20-pro-1 | /home/debug-ubuntu20-pro-1/ssl.cert | Oct 08, 2025 | 4 years    | VALID  |
'----------------------+-------------------------------------+--------------+------------+--------'
  • Ilia

Thanks Ilia. Looks good. I installed the script at /usr/libexec/webmin/virtual-server on a Pro server, named list-certs-expiry.pl owned by root with 755 permissions, but I had to change the path to perl on my system in the head of your script. The output was perfect.

Thanks!

Craig