annotate host/renewSsl.sh @ 2073:a70b603f82f5 default tip

nginx minor
author Franklin Schmidt <fschmidt@gmail.com>
date Sun, 07 Dec 2025 21:36:08 -0700
parents b934176dfcf1
children
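#!/bin/bash
# Renew the ACME-issued certificate of every site under <host-dir>/sites with
# the acme_tiny program in <host-dir>, then reload nginx.
#
# Usage: renewSsl.sh <host-dir>
set -e

# for now - fschmidt
# Deliberate kill switch: the script is disabled and always exits here.
# Everything below is unreachable until these two lines are removed.
echo 'totally fucked up'
exit 1

# NOTE(review): with an empty or missing $1 this cd may leave the script in
# the caller's working directory - confirm every caller passes the host dir.
cd "$1" || exit 1

ROOTPWD=$(pwd)
# Account key handed to acme_tiny via --account-key. It is a private key, so
# it should be readable only by the user that runs this script.
KEYFILE="$ROOTPWD/local/tiny_account.key"

#######################################
# Renew the certificate of one site directory.
# Globals:   ROOTPWD, KEYFILE (read)
# Arguments: $1 - site directory; its basename is used as the domain name
# Outputs:   progress messages on stdout
# Returns:   0 when the site was renewed or skipped, 1 when any step failed
#######################################
renew_site() {
  local SITEROOT=$1
  local DOMAIN CSRFILE FULLCHAIN CHALLENGEDIR TMPOUT

  DOMAIN=$(basename "$SITEROOT") || return 1
  CSRFILE="$SITEROOT/$DOMAIN.csr"
  FULLCHAIN="$SITEROOT/fullchain.cer"
  CHALLENGEDIR="$SITEROOT/site/.well-known/acme-challenge"
  # Stage the new chain next to its destination instead of under a
  # predictable name in world-writable /tmp: another local user cannot
  # pre-create or symlink it, and the final mv is a same-filesystem rename.
  TMPOUT="$FULLCHAIN.new"
  echo "Processing domain: $DOMAIN"

  # local_https.sh does not create a csr file, assume
  # it is a self-signed local cert if it doesn't exist
  if [ ! -f "$CSRFILE" ]; then
    echo "CSR file not found, assuming self-signed and skipping."
    return 0
  fi

  mkdir -p "$CHALLENGEDIR" || return 1

  # Every step is checked explicitly: `set -e` is ignored for commands run
  # as part of an `if` / `||` condition, so without these checks a failed
  # acme_tiny run would still replace the live chain with an empty file.
  if ! "$ROOTPWD/acme_tiny" \
    --account-key "$KEYFILE" \
    --csr "$CSRFILE" \
    --acme-dir "$CHALLENGEDIR" \
    > "$TMPOUT"; then
    rm -f -- "$TMPOUT"
    return 1
  fi

  # Never install an empty result.
  if [ ! -s "$TMPOUT" ]; then
    rm -f -- "$TMPOUT"
    return 1
  fi

  # Keep a copy of the previous chain. Copying (rather than moving) leaves
  # the live file in place until the rename below swaps in the new one.
  if [ -f "$FULLCHAIN" ]; then
    if ! cp -p -- "$FULLCHAIN" "$FULLCHAIN.old"; then
      rm -f -- "$TMPOUT"
      return 1
    fi
  fi

  mv -f -- "$TMPOUT" "$FULLCHAIN" || return 1

  echo "Renewed certificate for $DOMAIN"
}

for SITEROOT in "$ROOTPWD"/sites/*; do
  # Skip if not a directory
  [ -d "$SITEROOT" ] || continue

  if ! renew_site "$SITEROOT"; then
    echo "Error processing $SITEROOT — skipping."
  fi
done

# The reload runs as root through sudo with an explicit config path.
# NOTE(review): presumably sudoers allows only this exact command for the
# renewal user - confirm, since a broader rule widens what this account can do.
sudo /usr/local/bin/nginx -s reload -c "$ROOTPWD/local/nginx.conf"
echo "Nginx reloaded."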