On Mon, Apr 28, 2025 at 11:44:16AM +0200, William Lallemand wrote: > On Mon, Apr 28, 2025 at 08:16:22AM +0200, William Lallemand wrote: > > Subject: Re: [ANNOUNCE] haproxy-3.2-dev12 > > On Sat, Apr 26, 2025 at 07:50:03AM +0200, Willy Tarreau wrote: > > > > > > Also I think such a feature independent from acme is still useful. I've > > > long wanted to have a "show ssl cert" sorted by expiration dates, with > > > an optional filter to list only those expiring in less than XXX seconds > > > or hours. This allows to perform basic monitoring that sends you a > > > message when it's time to renew them (or just to change the symlink on > > > the FS so that haproxy.org doesn't emit an error on the renewal day ;-)). > > > > There's already the "show ssl sni" command > > (https://docs.haproxy.org/dev/management.html#show%20ssl%20sni) which is > > able > > to filter by expiration date. We could improve the command to add an offset > > though. > > > > -- > > William Lallemand > > > > > > I just pushed this patch which allows a new offset option to 'show ssl sni': > https://github.com/haproxy/haproxy/commit/83975f34e40492aef6d62b6804da202a939e329a
Awesome, thanks! It's just not intuitive to me (as a user) why I should consult them by SNI and not just by cert, but I guess this is related to the way they are internally indexed. Willy
