comparison host/renewSsl.sh @ 2062:5ede71739221
merge branches
| author | Franklin Schmidt <fschmidt@gmail.com> |
|---|---|
| date | Sat, 15 Nov 2025 18:07:51 -0700 |
| parents | dd10659fcdb9 |
| children |
| 2047:ea026254b3b6 | 2062:5ede71739221 |
|---|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 | 2 |
| 3 cd "$1"; | 3 set -e |
| 4 cd "$1" || exit 1 | |
| 4 | 5 |
| 5 ROOTPWD=$(pwd); | 6 ROOTPWD=$(pwd) |
| 7 KEYFILE="$ROOTPWD/local/tiny_account.key" | |
| 8 for SITEROOT in "$ROOTPWD"/sites/*; do | |
| 9 { | |
| 10 # Skip if not a directory | |
| 11 [ -d "$SITEROOT" ] || continue | |
| 6 | 12 |
| 7 ./acme.sh --renew-all --cert-home "$ROOTPWD"/sites --config-home "$ROOTPWD"/local/letsencrypt/config; | 13 DOMAIN=$(basename "$SITEROOT") |
| 14 CSRFILE="$SITEROOT/$DOMAIN.csr" | |
| 15 FULLCHAIN="$SITEROOT/fullchain.cer" | |
| 16 CHALLENGEDIR="$SITEROOT/site/.well-known/acme-challenge" | |
| 17 TMPOUT="/tmp/$DOMAIN.crt" | |
| 18 echo "Processing domain: $DOMAIN" | |
| 8 | 19 |
| 9 sudo /usr/local/bin/nginx -s reload; | 20 # local_https.sh does not create a csr file, assume |
| 21 # it is a self-signed local cert if it doesn't exist | |
| 22 if [ ! -f "$CSRFILE" ]; then | |
| 23 echo "CSR file not found, assuming self-signed and skipping." | |
| 24 continue | |
| 25 fi | |
| 26 | |
| 27 mkdir -p "$CHALLENGEDIR" | |
| 28 | |
| 29 "$ROOTPWD/acme_tiny" \ | |
| 30 --account-key "$KEYFILE" \ | |
| 31 --csr "$CSRFILE" \ | |
| 32 --acme-dir "$CHALLENGEDIR" \ | |
| 33 > "$TMPOUT" | |
| 34 | |
| 35 # check if exists | |
| 36 if [ -f "$FULLCHAIN" ]; then | |
| 37 mv $FULLCHAIN "$FULLCHAIN.old" | |
| 38 fi | |
| 39 | |
| 40 mv "$TMPOUT" "$FULLCHAIN" | |
| 41 | |
| 42 echo "Renewed certificate for $DOMAIN" | |
| 43 } || { | |
| 44 echo "Error processing $SITEROOT — skipping." | |
| 45 } | |
| 46 done | |
| 47 | |
| 48 sudo /usr/local/bin/nginx -s reload -c "$(pwd)/local/nginx.conf" | |
| 49 echo "Nginx reloaded." |
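Review bot: A failed `acme_tiny` run (new-side lines 29–33) does not stop the block, because `set -e` is not in effect for commands inside the left side of a `{ … } || { … }` list. The redirection has already created an empty `/tmp/$DOMAIN.crt` by then, so lines 36–40 move the working certificate to `.old` and install the empty file as `fullchain.cer`. The fixed, predictable name in `/tmp` may also let another local user pre-create or symlink that path, so the output is better written to a `mktemp` file inside `$SITEROOT` and checked for success and non-zero size before it replaces anything. Line 37 also leaves `$FULLCHAIN` unquoted. Note that `mktemp` creates the file with mode 0600, so confirm nginx can still read the installed certificate.

```shell
# … unchanged: DOMAIN, CSRFILE, FULLCHAIN, CHALLENGEDIR, CSR check, mkdir -p …
TMPOUT=$(mktemp "$SITEROOT/fullchain.cer.XXXXXX") || continue

if ! "$ROOTPWD/acme_tiny" \
    --account-key "$KEYFILE" \
    --csr "$CSRFILE" \
    --acme-dir "$CHALLENGEDIR" \
    > "$TMPOUT" || [ ! -s "$TMPOUT" ]; then
  # Keep the certificate that is currently being served.
  rm -f -- "$TMPOUT"
  echo "Renewal failed for $DOMAIN, keeping existing certificate." >&2
  continue
fi

if [ -f "$FULLCHAIN" ]; then
  mv -- "$FULLCHAIN" "$FULLCHAIN.old"
fi
mv -- "$TMPOUT" "$FULLCHAIN"
# … unchanged: success message, error branch, nginx reload …
```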
