comparison host/renewSsl.sh @ 2048:59f3a7f3d10b acme-tiny tip
add check for local_https in renewSsl.sh
| author | Violet7 |
|---|---|
| date | Tue, 11 Nov 2025 01:45:02 -0800 |
| parents | a4435e2e3417 |
| children |
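--- a/host/renewSsl.sh
+++ b/host/renewSsl.sh
@@ -1,32 +1,49 @@
 #!/bin/bash
 
+set -e
 cd "$1" || exit 1
+
 ROOTPWD=$(pwd)
+KEYFILE="$ROOTPWD/local/tiny_account.key"
+for SITEROOT in "$ROOTPWD"/sites/*; do
+{
+# Skip if not a directory
+[ -d "$SITEROOT" ] || continue
 
-for SITEROOT in "$ROOTPWD"/sites/*; do
-# Skip if not a directory
-[ -d "$SITEROOT" ] || continue
+DOMAIN=$(basename "$SITEROOT")
+CSRFILE="$SITEROOT/$DOMAIN.csr"
+FULLCHAIN="$SITEROOT/fullchain.cer"
+CHALLENGEDIR="$SITEROOT/site/.well-known/acme-challenge"
+TMPOUT="/tmp/$DOMAIN.crt"
+echo "Processing domain: $DOMAIN"
 
-DOMAIN=$(basename "$SITEROOT")
-echo "Processing domain: $DOMAIN"
+# local_https.sh does not create a csr file, assume
+# it is a self-signed local cert if it doesn't exist
+if [ ! -f "$CSRFILE" ]; then
+echo "CSR file not found, assuming self-signed and skipping."
+continue
+fi
 
-mkdir -p "$SITEROOT/site/.well-known/acme-challenge"
+mkdir -p "$CHALLENGEDIR"
 
 python3 "$ROOTPWD/acme_tiny.py" \
---account-key "$ROOTPWD/local/tiny_account.key" \
---csr "$SITEROOT/$DOMAIN.csr" \
---acme-dir "$SITEROOT/site/.well-known/acme-challenge" \
-> "/tmp/$DOMAIN.crt"
+--account-key "$KEYFILE" \
+--csr "$CSRFILE" \
+--acme-dir "$CHALLENGEDIR" \
+> "$TMPOUT"
 
 # check if exists
-if [ -f "$SITEROOT/fullchain.cer" ]; then
-mv "$SITEROOT/fullchain.cer" "$SITEROOT/fullchain.cer.old"
+if [ -f "$FULLCHAIN" ]; then
+mv $FULLCHAIN "$FULLCHAIN.old"
 fi
 
-mv "/tmp/$DOMAIN.crt" "$SITEROOT/fullchain.cer"
+mv "$TMPOUT" "$FULLCHAIN"
 
 echo "Renewed certificate for $DOMAIN"
+} || {
+echo "Error processing $SITEROOT — skipping."
+}
 done
 
 sudo /usr/local/bin/nginx -s reload
 echo "Nginx reloaded."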
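Review bot: The `{ … } || { … }` wrapper at new lines 9–45 does not catch failures the way the added `set -e` suggests: bash ignores errexit for every command in the left operand of `||`, so a failed `acme_tiny.py` run still falls through to `mv "$TMPOUT" "$FULLCHAIN"`, and because the redirect has already created `$TMPOUT`, the live chain is replaced with an empty or partial file just before nginx reloads. Check the command itself, e.g. end the invocation with `> "$TMPOUT" || { echo "Error processing $SITEROOT — skipping." >&2; continue; }`, and consider requiring `[ -s "$TMPOUT" ]` before the two moves. New line 37 also lost its quoting and should read `mv "$FULLCHAIN" "$FULLCHAIN.old"`. `TMPOUT="/tmp/$DOMAIN.crt"` is a predictable name in a world-writable directory; `TMPOUT=$(mktemp)` would keep another local user from pre-creating or symlinking that path.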
