From b12a8b8f6b4ae9ec1c839f8fe11ffcc3af8a63b7 Mon Sep 17 00:00:00 2001
From: Jan Schulz-Hofen
Date: Mon, 22 Jul 2024 10:45:37 +0200
Subject: [PATCH] Cronjob for cleaning up expired SSL certificates in order to improve page load times with many domains #2316
---
 setup/ssl.sh | 9 +++++++++
 tools/ssl_cleanup | 17 +++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100755 tools/ssl_cleanup
diff --git a/setup/ssl.sh b/setup/ssl.sh
index 19a0c048..0aa9b136 100755
--- a/setup/ssl.sh
+++ b/setup/ssl.sh
@@ -96,3 +96,12 @@ fi
 if [ ! -f "$STORAGE_ROOT/ssl/dh2048.pem" ]; then
 openssl dhparam -out "$STORAGE_ROOT/ssl/dh2048.pem" 2048
 fi
+
+# Cleanup expired SSL certificates from $STORAGE_ROOT/ssl daily
+cat > /etc/cron.daily/mailinabox-ssl-cleanup << EOF;
+#!/bin/bash
+# Mail-in-a-Box
+# Cleanup expired SSL certificates
+$(pwd)/tools/ssl_cleanup
+EOF
+chmod +x /etc/cron.daily/mailinabox-ssl-cleanup
diff --git a/tools/ssl_cleanup b/tools/ssl_cleanup
new file mode 100755
index 00000000..5adfa1be
--- /dev/null
+++ b/tools/ssl_cleanup
@@ -0,0 +1,17 @@
+#!/bin/bash
+# Cleanup SSL certificates which expired more than 7 days ago from $STORAGE_ROOT/ssl and move them to $STORAGE_ROOT/ssl.expired
+
+source /etc/mailinabox.conf
+shopt -s extglob
+
+retain_after="$(date --date="7 days ago" +%Y%m%d)"
+
+mkdir -p $STORAGE_ROOT/ssl.expired
+for file in $STORAGE_ROOT/ssl/*-+([0-9])-+([0-9a-f]).pem; do
+ pem="$(basename "$file")"
+ not_valid_after="$(cut -d- -f1 <<< "${pem: -21}")"
+
+ if [ "$not_valid_after" -lt "$retain_after" ]; then
+ mv "$file" "$STORAGE_ROOT/ssl.expired/${pem}"
+ fi
+done
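Review bot: The heredoc in the setup/ssl.sh hunk writes `$(pwd)/tools/ssl_cleanup` into the cron script unquoted, so a checkout path containing whitespace yields a broken command that root then runs every day; emitting it as `"$(pwd)/tools/ssl_cleanup"` keeps the path a single word. The path is expanded once at setup time from the current directory, so the job only works if setup is run from the repository root. Its integrity also depends on that checkout staying writable by root alone. A comment above the heredoc such as `# Runs as root from cron.daily; the checkout at $(pwd) must remain root-owned.` would record that assumption for whoever relocates the install.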
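Review bot: In tools/ssl_cleanup, `$STORAGE_ROOT` is used unquoted and unchecked after `source /etc/mailinabox.conf`, so if the variable is missing or empty the `mkdir -p` and the glob resolve to `/ssl.expired` and `/ssl/...` at the filesystem root. Add `: "${STORAGE_ROOT:?}"` after the `source` line, and quote the expansion in both places, e.g. `for file in "$STORAGE_ROOT"/ssl/*-+([0-9])-+([0-9a-f]).pem; do`. Without `nullglob` an empty match leaves the literal pattern in `$file`, whose last 21 characters parse to `0`, so `mv` fails on a non-existent path on every run; `shopt -s extglob nullglob` avoids that. The expiry date is read only from the filename's fixed-width tail, while the glob accepts any digit and hex run lengths, so it may be worth skipping names whose tail is not eight digits, a dash and eight hex characters. It may also be worth skipping files that something in the ssl directory still links to, since moving a certificate that is still in use would presumably break the services that load it.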