repo/luan: host/renewSsl.sh comparison

comparison host/renewSsl.sh @ 2083:39d4215259ec ssltesting

tabs instead of spaces

author	Violet7
date	Tue, 09 Dec 2025 22:12:51 -0800
parents	cdc9a31c6f71
children

comparison

equal deleted inserted replaced

-:cdc9a31c6f71
+:39d4215259ec
 #!/bin/bash
 set -e
 if [ -n "$1" ]; then
-cd "$1" || echo "no first argument passed, staying in cwd"
+	cd "$1" || echo "no first argument passed, staying in cwd"
 fi
 ROOTPWD=$(pwd)
 # this awkward method is used for portability
 ROOTPWDOWNER=$(ls -ld $ROOTPWD | awk '{printf "%s", $3}')
 # change to owner of host/ if running as root
 # prevents nginx being unable to read files owned by root
 if [ "$(id -u)" -eq 0 ]; then
-echo "switching to $ROOTPWDOWNER in order to preserve permissions"
+	echo "switching to $ROOTPWDOWNER in order to preserve permissions"
-exec sudo -u $ROOTPWDOWNER "$0" "$@"
+	exec sudo -u $ROOTPWDOWNER "$0" "$@"
 fi
 KEYFILE="$ROOTPWD/local/tiny_account.key"
 for SITEROOT in "$ROOTPWD"/sites/*; do
-{
+	{
-# Skip if not a directory
+		# Skip if not a directory
-[ -d "$SITEROOT" ] || continue
+		[ -d "$SITEROOT" ] || continue
-DOMAIN=$(basename "$SITEROOT")
+		DOMAIN=$(basename "$SITEROOT")
-SSLDIR="$SITEROOT/ssl"
+		SSLDIR="$SITEROOT/ssl"
-CSRFILE="$SSLDIR/$DOMAIN.csr"
+		CSRFILE="$SSLDIR/$DOMAIN.csr"
-FULLCHAIN="$SSLDIR/fullchain.cer"
+		FULLCHAIN="$SSLDIR/fullchain.cer"
-CHALLENGEDIR="$SITEROOT/.well-known/acme-challenge"
+		CHALLENGEDIR="$SITEROOT/.well-known/acme-challenge"
-TMPOUT="$SSLDIR/$DOMAIN.crt.tmp"
+		TMPOUT="$SSLDIR/$DOMAIN.crt.tmp"
-echo "Processing domain: $DOMAIN"
+		echo "Processing domain: $DOMAIN"
-# local_https.sh does not create a csr file, assume
+		# local_https.sh does not create a csr file, assume
-# it is a self-signed local cert if it doesn't exist
+		# it is a self-signed local cert if it doesn't exist
-if [ ! -f "$CSRFILE" ]; then
+		if [ ! -f "$CSRFILE" ]; then
-echo "CSR file not found, assuming self-signed and skipping."
+			echo "CSR file not found, assuming self-signed and skipping."
-continue
+			continue
-fi
+		fi
-mkdir -p "$CHALLENGEDIR"
+		mkdir -p "$CHALLENGEDIR"
-"$ROOTPWD/acme_tiny" \
+		"$ROOTPWD/acme_tiny" \
---account-key "$KEYFILE" \
+			--account-key "$KEYFILE" \
---csr "$CSRFILE" \
+			--csr "$CSRFILE" \
---acme-dir "$CHALLENGEDIR" \
+			--acme-dir "$CHALLENGEDIR" \
->"$TMPOUT"
+			>"$TMPOUT"
-# If TMPOUT is empty, something failed.
+		# If TMPOUT is empty, something failed.
-# Do not modify the current fullchain.
+		# Do not modify the current fullchain.
-if [ ! -s "$TMPOUT" ]; then
+		if [ ! -s "$TMPOUT" ]; then
-echo "Error: $TMPOUT is empty - please see previous output for details.\nContinuing to next domain..."
+			echo "Error: $TMPOUT is empty - please see previous output for details.\nContinuing to next domain..."
-rm -f "$TMPOUT"
+			rm -f "$TMPOUT"
-continue
+			continue
-fi
+		fi
-# check if exists
+		# check if exists
-if [ -f "$FULLCHAIN" ]; then
+		if [ -f "$FULLCHAIN" ]; then
-mv $FULLCHAIN "$FULLCHAIN.old"
+			mv $FULLCHAIN "$FULLCHAIN.old"
-fi
+		fi
-mv "$TMPOUT" "$FULLCHAIN"
+		mv "$TMPOUT" "$FULLCHAIN"
-echo "Renewed certificate for $DOMAIN"
+		echo "Renewed certificate for $DOMAIN"
-} || {
+	} || {
-echo "Error processing $SITEROOT — skipping."
+		echo "Error processing $SITEROOT — skipping."
-}
+	}
 done
 sudo /usr/local/bin/nginx -s reload -c "$(pwd)/local/nginx.conf"
 echo "Nginx reloaded."

Mercurial Hosting > luan

comparison host/renewSsl.sh @ 2083:39d4215259ec ssltesting