romfast/ROMFASTSQL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fb474c37267a600538ec0dd1906003fdd611c661
ROMFASTSQL/proxmox/vm201-windows/scripts/check-ssl-certificates.ps1
Marius 4d51d5b2d2 Reorganize proxmox documentation into subdirectories per LXC/VM 
- Create cluster/ for Proxmox cluster infrastructure (SSH guide, HA monitor, UPS)
- Create lxc108-oracle/ for Oracle Database documentation and scripts
- Create vm201-windows/ for Windows 11 VM docs and SSL certificate scripts
- Add SSL certificate monitoring scripts (check-ssl-certificates.ps1, monitor-ssl-certificates.sh)
- Remove archived VM107 references (decommissioned)
- Update all cross-references between files
- Update main README.md with new structure and navigation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 17:02:49 +02:00

105 lines
3.2 KiB
PowerShell
Raw Blame History

# Script: check-ssl-certificates.ps1
# Locatie: D:\kit\ssl\check-ssl-certificates.ps1
# Scop: Verifica certificatele SSL IIS si forteaza reinstalarea daca expira in < 14 zile
# Rulare: Task Scheduler zilnic sau manual
param(
[int]$DaysBeforeExpiry = 14,
[switch]$Force,
[switch]$Verbose
)
$ErrorActionPreference = "Stop"
$LogFile = "C:\Tools\win-acme\ssl-check.log"
function Write-Log {
param([string]$Message)
$timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
$logMessage = "[$timestamp] $Message"
Add-Content -Path $LogFile -Value $logMessage
if ($Verbose) { Write-Host $logMessage }
}
# Domenii de verificat
$domains = @(
@{ SiteId = 1; Domain = "roa.romfast.ro" },
@{ SiteId = 2; Domain = "dokploy.romfast.ro" },
@{ SiteId = 3; Domain = "gitea.romfast.ro" },
@{ SiteId = 4; Domain = "roa2web.romfast.ro" }
)
Write-Log "========== Verificare certificate SSL =========="
$renewedCount = 0
$errorCount = 0
foreach ($site in $domains) {
$domain = $site.Domain
$siteId = $site.SiteId
try {
# Verifica certificatul curent via HTTPS
$request = [System.Net.HttpWebRequest]::Create("https://$domain")
$request.AllowAutoRedirect = $false
$request.Timeout = 10000
$request.ServerCertificateValidationCallback = { $true }
try {
$response = $request.GetResponse()
$response.Close()
} catch [System.Net.WebException] {
# Ignoram erorile HTTP, ne intereseaza certificatul
}
$cert = $request.ServicePoint.Certificate
if ($null -eq $cert) {
Write-Log "EROARE: Nu s-a putut obtine certificatul pentru $domain"
$errorCount++
continue
}
$cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert
$expiryDate = $cert2.NotAfter
$daysLeft = ($expiryDate - (Get-Date)).Days
Write-Log "$domain - Expira: $expiryDate (inca $daysLeft zile)"
# Verifica daca trebuie reinnoirea
if ($daysLeft -lt $DaysBeforeExpiry -or $Force) {
Write-Log "ACTIUNE: Fortez reinstalare certificat pentru $domain (Site ID: $siteId)"
Push-Location "C:\Tools\win-acme"
$output = & .\wacs.exe --target iis --siteid $siteId --installation iis --force 2>&1
Pop-Location
if ($LASTEXITCODE -eq 0) {
Write-Log "SUCCES: Certificat reinstalat pentru $domain"
$renewedCount++
} else {
Write-Log "EROARE: Reinstalare esuata pentru $domain"
Write-Log $output
$errorCount++
}
}
} catch {
Write-Log "EXCEPTIE pentru ${domain}: $($_.Exception.Message)"
$errorCount++
}
}
# Restart IIS daca am reinoit certificate
if ($renewedCount -gt 0) {
Write-Log "Restart IIS..."
iisreset /restart | Out-Null
Write-Log "IIS restartat"
}
Write-Log "========== Sumar: $renewedCount reinnoite, $errorCount erori =========="
# Exit code pentru monitorizare
if ($errorCount -gt 0) {
exit 1
} else {
exit 0
}
Reference in New Issue View Git Blame Copy Permalink