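#!/bin/zsh
#
# Certificate validation report for the tls-cert-manager lab setup.
#
# Runs six read-only checks and prints a human-readable report:
#   1. local certificate/key files, their permissions and key-file mode
#   2. certificate parsing and expiry (openssl x509)
#   3. helper scripts present and executable
#   4. DNS/HTTPS reachability of the target host, the certificate it serves,
#      and whether that certificate matches the local file
#   5. Coolify proxy certificate directory
#   6. Docker availability and running containers
#
# Nothing is modified. Every check degrades to a ⚠/✗ line instead of aborting,
# so the report is always printed in full; the only hard failure is a base
# directory that cannot be entered (a report against the wrong cwd would be
# misleading).
#
# Environment (all optional; defaults reproduce the original behaviour):
#   TLS_CERT_MANAGER_DIR  base directory         (default: ~/tls-cert-manager)
#   CERT_HOST             hostname to validate   (default: git.lab)
#   COOLIFY_CERT_DIR      Coolify proxy cert dir (default: /data/coolify/proxy/certificates)
#
# Written for zsh; only constructs shared with bash are used.

set -u

readonly base_dir="${TLS_CERT_MANAGER_DIR:-$HOME/tls-cert-manager}"
readonly target_host="${CERT_HOST:-git.lab}"
readonly coolify_dir="${COOLIFY_CERT_DIR:-/data/coolify/proxy/certificates}"
# Paths are relative to base_dir (main cd's there first).
readonly cert_file="certificates/${target_host}.crt"
readonly key_file="certificates/${target_host}.key"

#######################################
# Report presence, permissions and owner of one file.
# Arguments: $1 - label used in the output line
#            $2 - path (relative to base_dir)
#            $3 - 1 if the file is a private key (default 0); then a mode that
#                 grants group/other access is flagged
# Outputs:   report lines on stdout
# Returns:   0 if the file exists, 1 otherwise
#######################################
report_file() {
  local label=$1 file=$2 is_key=${3:-0}
  local info perm
  if [[ ! -f "$file" ]]; then
    echo " ✗ $label missing"
    return 1
  fi
  echo " ✓ $label exists"
  # Parsing ls is kept deliberately: stat's flags differ between GNU and BSD,
  # and this script runs on both.
  info=$(ls -la -- "$file")
  echo "$info" | awk '{print " Permissions:", $1, "Owner:", $3":"$4}'
  perm=${info%% *}
  # A key readable by group/others (mode not ?rw-------) is worth a warning in
  # a validation report even though it does not stop anything from working.
  if [[ "$is_key" == 1 && "$perm" != ????------* ]]; then
    echo " ⚠ $label is readable by group/others (expected mode 0600)"
  fi
  return 0
}

#######################################
# Validate the local certificate: parseable, not expiring within 24h, and
# print its subject/SAN/validity lines.
# Globals:   cert_file (read)
# Outputs:   report lines on stdout
# Returns:   0 if the certificate parses, 1 otherwise
#######################################
report_certificate() {
  if ! openssl x509 -in "$cert_file" -noout -text >/dev/null 2>&1; then
    echo " ✗ Certificate format is invalid"
    return 1
  fi
  echo " ✓ Certificate format is valid"
  # -checkend N succeeds only if the certificate is still valid N seconds from now.
  if openssl x509 -in "$cert_file" -checkend 86400 >/dev/null 2>&1; then
    echo " ✓ Certificate is not expired (valid for >24h)"
  else
    echo " ⚠ Certificate expires within 24 hours"
  fi
  echo " Certificate Details:"
  openssl x509 -in "$cert_file" -text -noout \
    | grep -E "(Subject:|DNS:|IP Address:|Not Before|Not After)" \
    | sed 's/^/ /'
  return 0
}

#######################################
# Check that each helper script exists under scripts/ and is executable.
# Outputs:   one report line per script on stdout
# Returns:   0
#######################################
report_scripts() {
  local script
  for script in create_inventory.sh generate_certificate.sh deploy_to_hosts.sh deploy_to_containers.sh cert_deployment_orchestrator.sh; do
    if [[ ! -f "scripts/$script" ]]; then
      echo " ✗ $script (missing)"
    elif [[ -x "scripts/$script" ]]; then
      echo " ✓ $script (executable)"
    else
      echo " ⚠ $script (not executable)"
    fi
  done
  return 0
}

#######################################
# DNS resolution, HTTPS reachability, the certificate currently served, and
# whether it matches the local certificate file.
# Globals:   target_host, cert_file (read)
# Outputs:   report lines on stdout
# Returns:   0 if the host resolves and HTTPS responds, 1 otherwise
#######################################
report_network() {
  local resolved served_pem local_fp served_fp
  if ! nslookup "$target_host" >/dev/null 2>&1; then
    echo " ✗ $target_host does not resolve"
    return 1
  fi
  resolved=$(nslookup "$target_host" | grep -A1 "Name:" | grep "Address:" | awk '{print $2}')
  echo " ✓ $target_host resolves to: $resolved"
  # -k: this is a reachability probe only. Trust is not evaluated by curl here;
  # the served certificate is fetched and compared against the local file below.
  if ! curl -k --connect-timeout 5 "https://${target_host}/" >/dev/null 2>&1; then
    echo " ⚠ HTTPS service not responding or not accessible"
    return 1
  fi
  echo " ✓ HTTPS service is responding"
  # One handshake; the PEM is reused for the details and the fingerprint.
  served_pem=$(echo | openssl s_client -servername "$target_host" -connect "${target_host}:443" 2>/dev/null | openssl x509 2>/dev/null)
  if [[ -n "$served_pem" ]]; then
    echo " Current certificate in use:"
    printf '%s\n' "$served_pem" | openssl x509 -noout -subject -dates 2>/dev/null | sed 's/^/ /'
    # A stale or undeployed certificate is the most common thing this report is
    # run to catch, so compare SHA-256 fingerprints when both sides are available.
    if [[ -f "$cert_file" ]]; then
      local_fp=$(openssl x509 -in "$cert_file" -noout -fingerprint -sha256 2>/dev/null)
      served_fp=$(printf '%s\n' "$served_pem" | openssl x509 -noout -fingerprint -sha256 2>/dev/null)
      if [[ -n "$local_fp" && -n "$served_fp" ]]; then
        if [[ "$local_fp" == "$served_fp" ]]; then
          echo " ✓ Served certificate matches $cert_file"
        else
          echo " ⚠ Served certificate differs from $cert_file (not deployed or stale)"
        fi
      fi
    fi
  fi
  return 0
}

#######################################
# List certificate/key files in the Coolify proxy directory.
# Globals:   coolify_dir (read)
# Outputs:   report lines on stdout
# Returns:   0 if the directory exists, 1 otherwise
#######################################
report_coolify() {
  if [[ ! -d "$coolify_dir" ]]; then
    echo " ⚠ Coolify certificates directory not found"
    return 1
  fi
  echo " ✓ Coolify certificates directory exists"
  echo " Current certificates in Coolify:"
  # Only escalate when the directory is not readable as the current user.
  if [[ -r "$coolify_dir" ]]; then
    ls -la "${coolify_dir}/" | grep -E "\.(crt|key)$" | sed 's/^/ /'
  else
    sudo ls -la "${coolify_dir}/" | grep -E "\.(crt|key)$" | sed 's/^/ /'
  fi
  return 0
}

#######################################
# Docker availability and a short list of running containers (first 4).
# Outputs:   report lines on stdout
# Returns:   0 if docker is on PATH, 1 otherwise
#######################################
report_docker() {
  local count
  if ! command -v docker >/dev/null 2>&1; then
    echo " ⚠ Docker not available"
    return 1
  fi
  echo " ✓ Docker is available"
  count=$(docker ps --format "{{.Names}}" 2>/dev/null | wc -l)
  count=$((count))   # normalise: BSD wc pads its output with spaces
  echo " Running containers: $count"
  if (( count > 0 )); then
    echo " Active containers:"
    # head -5 keeps the table header plus 4 rows; tail drops the header.
    docker ps --format "table {{.Names}}\t{{.Image}}" | head -5 | tail -n +2 | sed 's/^/ /'
    if (( count > 4 )); then
      echo " ... and $((count - 4)) more"
    fi
  fi
  return 0
}

#######################################
# Entry point: enter the base directory and print all six sections.
# Globals:   base_dir, cert_file, key_file (read)
# Returns:   exits 1 if base_dir cannot be entered, otherwise 0
#######################################
main() {
  # Without this guard every later check would silently run against $PWD.
  cd "$base_dir" || { echo "✗ Cannot change to $base_dir" >&2; exit 1; }

  echo "=== Certificate Validation Report ==="
  echo

  echo "1. Certificate Files:"
  report_file "Certificate file" "$cert_file"
  report_file "Private key" "$key_file" 1
  echo

  echo "2. Certificate Validation:"
  report_certificate
  echo

  echo "3. Script Files:"
  report_scripts
  echo

  echo "4. Network Connectivity:"
  report_network
  echo

  echo "5. Coolify Integration:"
  report_coolify
  echo

  echo "6. Docker Environment:"
  report_docker
  echo

  echo "=== Validation Complete ==="
}

main "$@"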