proxmox/scripts/archive/consolidated/verify/check-npmplus-certificate-status.sh

#!/usr/bin/env bash
# Check NPMplus certificate status and assignments

set -euo pipefail

# Load IP configuration
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true


PROXMOX_HOST="${1:-192.168.11.11}"
CONTAINER_ID="${2:-10233}"

echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "🔍 NPMplus Certificate Status Check"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

# Check proxy host certificate assignments
echo "📋 Proxy Host Certificate Assignments:"
echo ""

PROXY_HOSTS_JSON=$(ssh root@"$PROXMOX_HOST" "pct exec $CONTAINER_ID -- docker exec npmplus node -e \"
const Database = require('better-sqlite3');
const db = new Database('/data/npmplus/database.sqlite', { readonly: true });
const hosts = db.prepare('SELECT id, domain_names, certificate_id, ssl_forced, http2_support FROM proxy_host ORDER BY id').all();
console.log(JSON.stringify(hosts));
db.close();
\" 2>&1" || echo "[]")

echo "$PROXY_HOSTS_JSON" | jq -r '.[] | "Host ID \(.id): \(.domain_names | fromjson | join(", ")) | Cert ID: \(.certificate_id) | SSL Forced: \(.ssl_forced) | HTTP2: \(.http2_support)"' 2>/dev/null | while IFS= read -r line; do
    echo "  $line"
done

echo ""

# Check certificates
echo "📜 Certificate Status:"
echo ""

CERT_JSON=$(ssh root@"$PROXMOX_HOST" "pct exec $CONTAINER_ID -- docker exec npmplus node -e \"
const Database = require('better-sqlite3');
const db = new Database('/data/npmplus/database.sqlite', { readonly: true });
const certs = db.prepare('SELECT id, domain_names, expires_on, created_on, provider FROM certificate WHERE is_deleted = 0 ORDER BY id').all();
console.log(JSON.stringify(certs));
db.close();
\" 2>&1" || echo "[]")

echo "$CERT_JSON" | jq -r '.[] | "Cert ID \(.id): \(.domain_names | fromjson | join(", ")) | Provider: \(.provider) | Expires: \(.expires_on)"' 2>/dev/null | while IFS= read -r line; do
    echo "  $line"
done

echo ""

# Check for certificate files
echo "📁 Certificate Files:"
echo ""

CERTBOT_DIRS=$(ssh root@"$PROXMOX_HOST" "pct exec $CONTAINER_ID -- docker exec npmplus find /data/tls/certbot/live -type d -mindepth 1 -maxdepth 1 2>/dev/null | wc -l" || echo "0")

if [ "$CERTBOT_DIRS" = "0" ]; then
    echo "  ⚠️  No certificate directories found in /data/tls/certbot/live/"
    echo "  ⚠️  Certificates may exist in database but have no actual certificate files"
else
    echo "  ✓ Found $CERTBOT_DIRS certificate directories"
    ssh root@"$PROXMOX_HOST" "pct exec $CONTAINER_ID -- docker exec npmplus ls -la /data/tls/certbot/live/ 2>/dev/null | head -20"
fi

echo ""

# Summary
UNASSIGNED=$(echo "$PROXY_HOSTS_JSON" | jq '[.[] | select(.certificate_id == 0 or .certificate_id == null)] | length' 2>/dev/null || echo "0")
ASSIGNED=$(echo "$PROXY_HOSTS_JSON" | jq '[.[] | select(.certificate_id != 0 and .certificate_id != null)] | length' 2>/dev/null || echo "0")
TOTAL_CERTS=$(echo "$CERT_JSON" | jq 'length' 2>/dev/null || echo "0")

echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "📊 Summary:"
echo "  Total Certificates: $TOTAL_CERTS"
echo "  Proxy Hosts with Certificates: $ASSIGNED"
echo "  Proxy Hosts without Certificates: $UNASSIGNED"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""