Monthly Archives: February 2016

RSS scraping with Python and passing new items to Slack using Webhooks

So my use case is that I wanted new Red Hat Errata published at to be sent to one of our Slack channels. However the above url contains all errata and I´m only interested in critical errata to keep down the noise in the slack channel.

* First step is to create a slack webhook, visit: . Add the new webhook to the webhook variable in the script below. Also change channel name, etc in the payload variable.
* Next you need save the script to your linux box, lets create directory /usr/local/bin/errata-to-slack .
* I´m also using a library called feedparser to parse the RSS: , download it and place it in the same directory as your script.
* Next you need to touch the datafile /var/lib/rhn-errata.txt which will hold a list of errata already sent to slack. If you will run the script as another user than root, you will need to chown the datafile to the correct user.

#!/usr/bin/env python                                                                                                                                               
import feedparser                                                                                                                                                   
import json                                                                                                                                                         
import os                                                                                                                                                           
import sys                                                                                                                                                          
import requests                                                                                                                                                     
d = feedparser.parse('')                                                                                                
webhook = ''                                                                           
for post in d.entries:                                                                                                                                              
  if post.title.find('Critical:') > 0:                                                                                                                              
    f = open(datafile, 'r+')                                                                                                                                        
    if post.title not in                                                                                                                                  
      payload = {                                                                                                                                                   
        'text': post.title + ": " + + "\n"                                                                                                                
      payload['channel'] = "#alerts"                                                                                                                                
      payload['username'] = "alerts"                                                                                                                                
      payload['icon_emoji'] = "ghost"                                                                                                                               
        res =, data=json.dumps(payload))                                                                                                      
      except Exception as e:                                                                                                                                        
        sys.stderr.write('An error occurred when trying to deliver the message:\n  {0}'.format(e.message))                                                          
      if res.ok:                                                                                                                                                    

Quick setup of Lets Encrypt on Apache with virtual hosts

This is a quick guide of how I setup letsencrypt on a Apache server with 3 SSL Virtual Hosts.


* CentOS7/RHEL7
* Apache with SNI support and virtualhosts already configured.
* Virtualhost web dir is /var/www/vhosts and conf dir is /etc/httpd/conf.d . Assuming one conf file per vhost.

* UPDATE: Old way has been replaced with certbot: , instruction below has been updated.
* Im using RHEL7 so enabling EPEL repo:
* Since its RHEL7, I also need to enable Optional repo with: subscription-manager repos –enable=rhel-7-server-optional-rpms

yum install certbot
certbot certonly -a webroot -w /var/www/vhosts/ -d -w /var/www/vhosts/ -d -w /var/www/vhosts/ -d

Update all apache configuration files for your vhosts in /etc/httpd/conf.d , comment out existing certificate files and add the new certificate:

SSLCertificateFile      /etc/letsencrypt/live/..../cert.pem
SSLCertificateKeyFile   /etc/letsencrypt/live/..../privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/..../fullchain.pem

Restart apache: systemctl restart httpd

Verify that the new certificates are working fine.

The certificates are only valid for a few months so you need to renew them or else they will expire.
I use the below script /usr/local/bin/letsencrypt-renew that I run as a cronjob:

/usr/bin/certbot certonly --config /etc/letsencrypt/cli.ini -w /var/www/vhosts/ -d -w /var/www/vhosts/ -d -w /var/www/vhosts/ -d
if [ "$?" -eq "0" ]; then
  /bin/systemctl restart httpd

The config file /etc/letsencrypt/cli.ini contains:

authenticator = webroot

And the cronjob /etc/cron.d/letsencrypt-renew runs at 08:00 the first day of the month every 2 months.

00 08 01 */2 * root /usr/local/bin/letsencrypt-renew >/var/log/letsencrypt-renew.log 2>&1

You can also add monitoring of certificate expiry using the check_http nagios plugin if you like:

check_http -H -S -C 30 --sni

This will trigger an alert if the certificate expires in less than 30 days which it never should if the letsencrypt-renew cronjob is running correctly.