SSL

# check certificate
https://www.ssllabs.com/ssltest/analyze.html
http://www.panticz.de/Check-SSL-TLS-server-encryption-support

# determine SSL certificate expiration date
openssl x509 -enddate -noout -in www.example.com.pem

# list certificate domains
cat cert.pem | openssl x509 -text | grep DNS
openssl s_client -showcerts -connect www.example.com:443 | openssl x509 -text | grep DNS

# Letsencrypt
http://www.panticz.de/letsencrypt

# remove password from private key
openssl rsa -in www.example.key.pass -out www.example.key

# cat / deploy certificate to remote host
ssh host1.example.com cat /root/certificates/example.com/{fullchain1.pem,privkey1.pem} | ssh ${HOST} "cat > /etc/haproxy/ssl/example.com.pem"

# Links
http://panticz.de/apache2_openssl_certificate
http://www.panticz.de/Install-SSL-CA-Certificate