repo/luan: host/renewSsl.sh annotate

annotate host/renewSsl.sh @ 2082:cdc9a31c6f71 ssltesting

update renewSsl.sh to reflect changes in directory structure

author	Violet7
date	Tue, 09 Dec 2025 17:53:16 -0800
parents	385ab09fb2ca
children	39d4215259ec

rev	line source
1632 0344a535b1db add doc fffilimonov parents: diff changeset	1 #!/bin/bash
2072 b934176dfcf1 https hacks Franklin Schmidt <fschmidt@gmail.com> parents: 2061 diff changeset	2 set -e
1632 0344a535b1db add doc fffilimonov parents: diff changeset	3
2076 385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	4 if [ -n "$1" ]; then
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	5 cd "$1" \|\| echo "no first argument passed, staying in cwd"
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	6 fi
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	7
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	8 ROOTPWD=$(pwd)
2076 385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	9 # this awkward method is used for portability
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	10 ROOTPWDOWNER=$(ls -ld $ROOTPWD \| awk '{printf "%s", $3}')
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	11
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	12 # change to owner of host/ if running as root
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	13 # prevents nginx being unable to read files owned by root
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	14 if [ "$(id -u)" -eq 0 ]; then
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	15 echo "switching to $ROOTPWDOWNER in order to preserve permissions"
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	16 exec sudo -u $ROOTPWDOWNER "$0" "$@"
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	17 fi
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	18
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	19 KEYFILE="$ROOTPWD/local/tiny_account.key"
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	20 for SITEROOT in "$ROOTPWD"/sites/*; do
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	21 {
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	22 # Skip if not a directory
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	23 [ -d "$SITEROOT" ] \|\| continue
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	24
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	25 DOMAIN=$(basename "$SITEROOT")
2082 cdc9a31c6f71 update renewSsl.sh to reflect changes in directory structure Violet7 parents: 2076 diff changeset	26 SSLDIR="$SITEROOT/ssl"
cdc9a31c6f71 update renewSsl.sh to reflect changes in directory structure Violet7 parents: 2076 diff changeset	27 CSRFILE="$SSLDIR/$DOMAIN.csr"
cdc9a31c6f71 update renewSsl.sh to reflect changes in directory structure Violet7 parents: 2076 diff changeset	28 FULLCHAIN="$SSLDIR/fullchain.cer"
cdc9a31c6f71 update renewSsl.sh to reflect changes in directory structure Violet7 parents: 2076 diff changeset	29 CHALLENGEDIR="$SITEROOT/.well-known/acme-challenge"
cdc9a31c6f71 update renewSsl.sh to reflect changes in directory structure Violet7 parents: 2076 diff changeset	30 TMPOUT="$SSLDIR/$DOMAIN.crt.tmp"
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	31 echo "Processing domain: $DOMAIN"
1632 0344a535b1db add doc fffilimonov parents: diff changeset	32
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	33 # local_https.sh does not create a csr file, assume
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	34 # it is a self-signed local cert if it doesn't exist
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	35 if [ ! -f "$CSRFILE" ]; then
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	36 echo "CSR file not found, assuming self-signed and skipping."
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	37 continue
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	38 fi
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	39
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	40 mkdir -p "$CHALLENGEDIR"
1632 0344a535b1db add doc fffilimonov parents: diff changeset	41
2061 dd10659fcdb9 Renew ssl monthly instead of daily; Fix renewSsl.sh Violet7 parents: 2052 diff changeset	42 "$ROOTPWD/acme_tiny" \
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	43 --account-key "$KEYFILE" \
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	44 --csr "$CSRFILE" \
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	45 --acme-dir "$CHALLENGEDIR" \
2076 385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	46 >"$TMPOUT"
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	47
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	48 # If TMPOUT is empty, something failed.
2082 cdc9a31c6f71 update renewSsl.sh to reflect changes in directory structure Violet7 parents: 2076 diff changeset	49 # Do not modify the current fullchain.
2076 385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	50 if [ ! -s "$TMPOUT" ]; then
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	51 echo "Error: $TMPOUT is empty - please see previous output for details.\nContinuing to next domain..."
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	52 rm -f "$TMPOUT"
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	53 continue
385ab09fb2ca initial draft Violet7 parents: 2072 diff changeset	54 fi
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	55
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	56 # check if exists
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	57 if [ -f "$FULLCHAIN" ]; then
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	58 mv $FULLCHAIN "$FULLCHAIN.old"
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	59 fi
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	60
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	61 mv "$TMPOUT" "$FULLCHAIN"
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	62
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	63 echo "Renewed certificate for $DOMAIN"
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	64 } \|\| {
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	65 echo "Error processing $SITEROOT — skipping."
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	66 }
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	67 done
a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	68
2050 1f4c590bf0ae explicitly specify nginx conf Violet7 parents: 2048 diff changeset	69 sudo /usr/local/bin/nginx -s reload -c "$(pwd)/local/nginx.conf"
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	70 echo "Nginx reloaded."

Mercurial Hosting > luan

annotate host/renewSsl.sh @ 2082:cdc9a31c6f71 ssltesting