Auto delete expired certificates

Hodson

Maybe there is a reason I am unaware of as to why you don't do this, but would it be possible to have the expired certificates auto-deleted?

I see this being especially useful for those using Lets Encrypt certs that are autogenerated by opalstack.

Note: I'm just a bit of a clean freak 😛

sean

We've got an open ticket for this, will add your vote.

davidmiles

sean

+1 for this.

In the same vein, it would be great if the control panel automatically hid expired certificates (with an option to show them), or what might be even better is if they were simply grouped by hostname (or hostnames, as I have multiple Let's Encrypt certificates defined as multiple domains). Then, only a single record would be shown for each hostname that has ever had a certificate, and a paged history of certificates could be visible when clicking a single row instead.

As it stands, I have 30 pages of certificates in the control panel. What's worse is that they're all sorted alphabetically. Having set some of these up since the beginning, having only 10 items per page means the first page has 9 rows dedicated to a single hostname's certificates (8 of which are expired), so there is really no way for me to easily see active certificates.

Ariel

Hello,

I have a quick Python script to delete the expired certificates. It uses Opalstack's API, see code below:

import os
from datetime import datetime

import requests

# create an API token at https://my.opalstack.com/tokens
OPAL_TOKEN = os.environ.get("OPAL_TOKEN")

OPAL_HEADERS = {
    'Authorization': f'Token {OPAL_TOKEN}',
    'Content-Type':'application/json'
}
# Obtain all certificates
certs = requests.get('https://my.opalstack.com/api/v1/cert/list/', headers=OPAL_HEADERS).json()
now = datetime.utcnow()

# For each cert, check if it is experided, and if so delete it
for cert in certs:
    raw_date = cert["exp_date"]
    date = datetime.strptime(raw_date, "%Y-%m-%dT%H:%M:%SZ")
    if date < now:
        print("EXPIRED", cert["name"], raw_date, date)
        response= requests.post('https://my.opalstack.com/api/v1/cert/delete/',json=[{"id": cert["id"]}],
            headers=OPAL_HEADERS)
        print(response.json())

In order to use it (you need Python installed):

First save the script in your local computer or in the server, and save it, for example, as delete_certs.py.

Create a virtual environment, activate and install requests:

python -m venv venv
source venv/bin/activate
pip install requests

Once you have an Opalstack's API token, you can create one at https://my.opalstack.com/tokens/, you can execute it the script with:

OPAL_TOKEN=[yourtoken] python delete_certs.py

On future executions, skip virtualenv creation, but don't forget to activate it:

source venv/bin/activate

I hope this helps you clean up your certificate page!

houdinihound

Ariel Works well, thanks. Although I think you may be able to skip the virtualenv steps as it seems that the 'requests' library is installed on all standard python server installations (at least on my two shared servers).