Alarig Le Lay 2023-10-29 12:07:49 +01:00
parent 9fda2b204f
commit e17d4c4a01


@ -1,29 +1,36 @@
#!/bin/sh #!/bin/sh
base_dir="/etc/ssl/nginx" PATH="$PATH:/sbin"
_EUID="$(id -u)"
service=$1
fqdn=$2
die() { die() {
echo "$@" >&2 echo "$@" >&2
exit 1 exit 1
} }
if [ -z "${service}" ] || [ -z ${fqdn} ]; then
die "service and fqdn have to be set"
fi
openssl x509 -checkend 2678400 -noout -in $base_dir/$1.crt base_dir="/etc/ssl/${service}"
openssl x509 -checkend 2678400 -noout -in $base_dir/${fqdn}.crt
if [ $? = 0 ]; then if [ $? = 0 ]; then
exit 1 exit 0
else else
mv $base_dir/$1.crt $base_dir/$1.crt.bak-$(date +%F) mv $base_dir/${fqdn}.crt $base_dir/${fqdn}.crt.bak-$(date +%F)
mv $base_dir/$1.chained.crt \ mv $base_dir/${fqdn}-chained.crt \
$base_dir/$1.chained.crt-$(date +%F) $base_dir/${fqdn}-chained.crt-$(date +%F)
certbot certonly \ certbot certonly \
--csr $base_dir/$1.csr \ --csr $base_dir/${fqdn}.csr \
--cert-path $base_dir/$1.crt \ --cert-path $base_dir/${fqdn}.crt \
--chain-path $base_dir/$1.chained.crt \ --chain-path $base_dir/${fqdn}-chained.crt \
--webroot \ --webroot \
-w /usr/local/www/le-challenges/ \ -w /var/www/le-challenges/ \
--agree-tos \ --agree-tos \
--register-unsafely-without-email || die "Error while signing certificate" --register-unsafely-without-email || die "Error while signing certificate"
mv 0000_chain.pem $base_dir/$1-chained.crt mv 0000_chain.pem $base_dir/${fqdn}-chained.crt
sudo service nginx reload rc-service ${service} reload
fi fi
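Review bot: The new `service` and `fqdn` arguments are expanded unquoted wherever they are used: in `[ -z ${fqdn} ]`, in the `openssl`, `mv` and `certbot` paths built from `$base_dir`, and in `rc-service ${service} reload`. A value containing whitespace, a glob character, `/`, `..` or a leading `-` therefore changes which files are moved or which options the commands see. With `sudo` dropped from the reload line the script presumably runs as root, so quote every expansion and validate both arguments right after the emptiness check, for example `case "${service}" in .*|-*|*[!A-Za-z0-9._-]*) die "invalid service name" ;; esac`, with the same test for `${fqdn}`. `_EUID` is assigned but never read in the visible lines; either use it, as in `[ "${_EUID}" -eq 0 ] || die "must be run as root"`, or drop the assignment.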