From 00640cf8228136b496eb2ef861dc1ee8a4f39b0d Mon Sep 17 00:00:00 2001
From: David Schroeder
Date: Wed, 22 Nov 2023 23:09:02 -0600
Subject: [PATCH] update
---
inc/certs.inc | 13 ++++++++++++-
nodemgmt-scripts.sh | 11 +++++++----
2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/inc/certs.inc b/inc/certs.inc
index 1fb11774..2eaf4a4c 100755
--- a/inc/certs.inc
+++ b/inc/certs.inc
@@ -155,7 +155,7 @@ NIGHTLYRENEW(){ CONCAT_SSL chown -R root:le ${NM_CERTPATH} chmod -R 6775 ${NM_CERTPATH} - SERVICE_MGMT nginx reload >> ${NM_LOGFOLDER}/cert-renewal.lastrun + SERVICE_MGMT nginx reload } CONCAT_SSL(){
@@ -621,6 +621,17 @@ CHECK-CERTS(){ fi } +UPGRADECERTS(){ + ssldir=$(${NCMD} find ${NM_CERTPATH}/live/* -type d) + + i=1 + for certdir in ${ssldir[@]}; do + SUBJECTNAMES=$(${NCMD} openssl x509 -in ${certdir}/cert.pem -noout -text|grep -oP '(?<=DNS:|IP Address:)[^,]+'|sort -uV) + SUBJECTNAMES=${SUBJECTNAMES//$'\n'/, } + SUBJECTNAMES=${SUBJECTNAMES//, /,} + echo "$certdir = $SUBJECTNAMES " + done +}
diff --git a/nodemgmt-scripts.sh b/nodemgmt-scripts.sh
index 8c93373d..457cbd08 100755
--- a/nodemgmt-scripts.sh
+++ b/nodemgmt-scripts.sh
@@ -453,7 +453,7 @@ export PDNS_Ttl=60 LIVEMD5=$(ssh -q root@${NM_VC_HOSTNAME} "md5sum /etc/vmware-rhttpproxy/ssl/rui.crt | cut -d\ -f1") CURRENTMD5=$(ssh -q root@${NM_VC_HOSTNAME} "md5sum ${VC_CERT} | cut -d\ -f1") - if [ "$LIVEMD5" == "$CURRENTMD5" ] && [ "${1}" != "forcexx" ]; then + if [ "$LIVEMD5" == "$CURRENTMD5" ] && [ "${1}" != "force" ]; then echo -e "${idsCL[Yellow]}Certificates remains the same, no newer certificates exist${idsCL[Default]}" echo exit 0
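Review bot: `chmod -R 6775 ${NM_CERTPATH}`, an unchanged context line in the NIGHTLYRENEW hunk of inc/certs.inc, sets the setuid and setgid bits plus world read/execute on every file under the certificate path. The UPGRADECERTS hunk shows that path holds `live/*/cert.pem`, and it presumably holds the matching private keys as well, which would then be readable by every local account. Separate modes for files and directories would be tighter, for example `find "${NM_CERTPATH}" -type f -exec chmod 0640 {} +` and `find "${NM_CERTPATH}" -type d -exec chmod 2750 {} +` (0660/2770 if the `le` group has to write, which cannot be seen from here). NIGHTLYRENEW starts above the hunk.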
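Review bot: In the new UPGRADECERTS function, `ssldir` is a plain string, so `for certdir in ${ssldir[@]}` relies on unquoted word splitting and globbing of find's output and mis-handles any path that contains whitespace or glob characters. `find ${NM_CERTPATH}/live/* -type d` also descends into any nested directories, so openssl is run against directories that have no cert.pem. `i=1` is never used, and `ssldir`, `certdir` and `SUBJECTNAMES` are not `local`, so they overwrite globals of the same name. The sketch below lists the cert.pem files directly and reads them one line at a time; what `${NCMD}` expands to is not visible here, so it is kept as a prefix.

```shell
UPGRADECERTS(){
  local certpem certdir SUBJECTNAMES
  # list only live/<name>/cert.pem, one path per line
  while IFS= read -r certpem; do
    certdir=${certpem%/cert.pem}
    SUBJECTNAMES=$(${NCMD} openssl x509 -in "${certpem}" -noout -text | grep -oP '(?<=DNS:|IP Address:)[^,]+' | sort -uV)
    # … unchanged: newline-to-comma joining and echo …
  done < <(${NCMD} find "${NM_CERTPATH}/live" -mindepth 2 -maxdepth 2 -name cert.pem)
}
```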
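Review bot: On the changed `if` line of the first nodemgmt-scripts.sh hunk, `"$LIVEMD5" == "$CURRENTMD5"` is also true when both values are empty, which is the result when the ssh connection to `${NM_VC_HOSTNAME}` fails for both digest commands. The script then prints that no newer certificates exist and exits 0, so the failure looks like a clean run. Requiring a non-empty digest first avoids that: `if [ -n "$LIVEMD5" ] && [ "$LIVEMD5" == "$CURRENTMD5" ] && [ "${1}" != "force" ]; then`. The enclosing block begins and ends outside the hunk.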
@@ -463,12 +463,13 @@ export PDNS_Ttl=60 echo -e "${idsCL[LightCyan]}This process make take up to 10mins${idsCL[Default]}" echo - # ssh -q root@${NM_VC_HOSTNAME} "(printf '1\n%s\n' '${NM_VC_USER}'; sleep 1; printf '%s\n' '${NM_VC_PASS}'; sleep 1; printf '2\n'; sleep 1; printf '%s\n%s\n%s\ny\n\n' '${VC_CERT}' '${VC_KEY}' '${VC_CHAIN}') | setsid /usr/lib/vmware-vmca/bin/certificate-manager" + ssh -q root@${NM_VC_HOSTNAME} "(printf '1\n%s\n' '${NM_VC_USER}'; sleep 1; printf '%s\n' '${NM_VC_PASS}'; sleep 1; printf '2\n'; sleep 1; printf '%s\n%s\n%s\ny\n\n' '${VC_CERT}' '${VC_KEY}' '${VC_CHAIN}') | setsid /usr/lib/vmware-vmca/bin/certificate-manager" + + SENDNOTICE "vCenter SSL Updated" "Refresh/rescan any systems connecting to vcenter like Veeam" ssh -q root@${NM_VC_HOSTNAME} "rm -f /tmp/vcenter-update-ssl.sh" rm -f /tmp/vcenter-update-ssl.sh - echo -e "\n${idsCL[Green]}The vCenter certifcate has been updated${idsCL[Default]}" echo -e "${idsCL[LightCyan]}Don't forget to re-scan the vCenter connection in Veeam${idsCL[Default]}\n" else
@@ -859,10 +860,12 @@ GUI(){ copynpmcerts) COPYCERTS_NPM ${2};; checknpmcerts) CHECK_NPMCERTS;; checkcerts) CHECK-CERTS ${2} ${3} ${4} ${5} ${6};; + upgradecerts) UPGRADECERTS ${2} ${3} ${4};; + nightlyrenew) if [ "${2}" == "q" ]; then exec 3>&1 >>${NM_LOGFOLDER}/cert-renewal.lastrun 2>&1 - echo "$(date +%Y-%m-%d-%H-%M-%S) #### vCenter Update Initiated ####" + echo "$(date +%Y-%m-%d-%H-%M-%S) #### Nightly Cert Renewal check Initiated ####" mv -f ${NM_LOGFOLDER}/cert-renewal1.lastrun ${NM_LOGFOLDER}/cert-renewal2.lastrun mv -f ${NM_LOGFOLDER}/cert-renewal.lastrun ${NM_LOGFOLDER}/cert-renewal1.lastrun fi
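Review bot: The re-enabled `ssh ... certificate-manager` line interpolates `${NM_VC_USER}` and `${NM_VC_PASS}` into the remote command string, so the vCenter password appears in the argument list of the local ssh process and of the remote shell. A single quote in either value also ends the quoting, and the rest is parsed as remote shell syntax. Sending the answers over ssh's standard input keeps them out of both argument lists, since the remote side then runs only `setsid /usr/lib/vmware-vmca/bin/certificate-manager`; this should drive the prompts the same way but needs a test run. The added `SENDNOTICE "vCenter SSL Updated"` also fires whether or not the ssh command succeeded, so the sketch gates it on the exit status. The enclosing block starts before the hunk.

```shell
# answers travel on stdin instead of inside the remote command string
{
  printf '1\n%s\n' "${NM_VC_USER}"; sleep 1
  printf '%s\n' "${NM_VC_PASS}"; sleep 1
  printf '2\n'; sleep 1
  printf '%s\n%s\n%s\ny\n\n' "${VC_CERT}" "${VC_KEY}" "${VC_CHAIN}"
} | ssh -q root@${NM_VC_HOSTNAME} "setsid /usr/lib/vmware-vmca/bin/certificate-manager" \
  && SENDNOTICE "vCenter SSL Updated" "Refresh/rescan any systems connecting to vcenter like Veeam"
# … unchanged: removal of /tmp/vcenter-update-ssl.sh and the Veeam reminder …
```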
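Review bot: In the `nightlyrenew` arm of the GUI hunk, the reworded `echo ... Initiated` header is written through a descriptor that `exec 3>&1 >>${NM_LOGFOLDER}/cert-renewal.lastrun 2>&1` opened before the two `mv -f` rotations run. The open descriptor follows the renamed file, so this run's output lands in cert-renewal1.lastrun and cert-renewal.lastrun is not recreated, unless code outside the hunk reopens the log. Moving both `mv -f` lines above the `exec` line rotates the previous logs first and lets the new run start a fresh cert-renewal.lastrun. The new `upgradecerts) UPGRADECERTS ${2} ${3} ${4};;` arm also passes three arguments that the function, as added in inc/certs.inc, never reads.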