repo/luan: host/renewSsl.sh annotate

annotate host/renewSsl.sh @ 2061:dd10659fcdb9 acme-tiny tip

Renew ssl monthly instead of daily; Fix renewSsl.sh

author	Violet7
date	Thu, 13 Nov 2025 23:17:16 -0800
parents	caeaf6e76467
children

rev	line source
1632 0344a535b1db add doc fffilimonov parents: diff changeset	1 #!/bin/bash
0344a535b1db add doc fffilimonov parents: diff changeset	2
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	3 set -e
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	4 cd "$1" \|\| exit 1
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	5
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	6 ROOTPWD=$(pwd)
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	7 KEYFILE="$ROOTPWD/local/tiny_account.key"
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	8 for SITEROOT in "$ROOTPWD"/sites/*; do
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	9 {
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	10 # Skip if not a directory
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	11 [ -d "$SITEROOT" ] \|\| continue
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	12
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	13 DOMAIN=$(basename "$SITEROOT")
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	14 CSRFILE="$SITEROOT/$DOMAIN.csr"
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	15 FULLCHAIN="$SITEROOT/fullchain.cer"
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	16 CHALLENGEDIR="$SITEROOT/site/.well-known/acme-challenge"
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	17 TMPOUT="/tmp/$DOMAIN.crt"
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	18 echo "Processing domain: $DOMAIN"
1632 0344a535b1db add doc fffilimonov parents: diff changeset	19
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	20 # local_https.sh does not create a csr file, assume
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	21 # it is a self-signed local cert if it doesn't exist
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	22 if [ ! -f "$CSRFILE" ]; then
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	23 echo "CSR file not found, assuming self-signed and skipping."
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	24 continue
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	25 fi
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	26
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	27 mkdir -p "$CHALLENGEDIR"
1632 0344a535b1db add doc fffilimonov parents: diff changeset	28
2061 dd10659fcdb9 Renew ssl monthly instead of daily; Fix renewSsl.sh Violet7 parents: 2052 diff changeset	29 "$ROOTPWD/acme_tiny" \
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	30 --account-key "$KEYFILE" \
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	31 --csr "$CSRFILE" \
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	32 --acme-dir "$CHALLENGEDIR" \
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	33 > "$TMPOUT"
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	34
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	35 # check if exists
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	36 if [ -f "$FULLCHAIN" ]; then
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	37 mv $FULLCHAIN "$FULLCHAIN.old"
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	38 fi
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	39
2048 59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	40 mv "$TMPOUT" "$FULLCHAIN"
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	41
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	42 echo "Renewed certificate for $DOMAIN"
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	43 } \|\| {
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	44 echo "Error processing $SITEROOT — skipping."
59f3a7f3d10b add check for local_https in renewSsl.sh Violet7 parents: 2037 diff changeset	45 }
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	46 done
a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	47
2050 1f4c590bf0ae explicitly specify nginx conf Violet7 parents: 2048 diff changeset	48 sudo /usr/local/bin/nginx -s reload -c "$(pwd)/local/nginx.conf"
2037 a4435e2e3417 Edit scripts to use acme-tiny Violet7 parents: 1758 diff changeset	49 echo "Nginx reloaded."

Mercurial Hosting > luan

annotate host/renewSsl.sh @ 2061:dd10659fcdb9 acme-tiny tip