diff host/renewSsl.sh @ 2083:39d4215259ec ssltesting

tabs instead of spaces
author Violet7
date Tue, 09 Dec 2025 22:12:51 -0800
parents cdc9a31c6f71
children
--- a/host/renewSsl.sh	Tue Dec 09 17:53:16 2025 -0800
+++ b/host/renewSsl.sh	Tue Dec 09 22:12:51 2025 -0800
@@ -2,7 +2,7 @@
 set -e
 
 if [ -n "$1" ]; then
-  cd "$1" || echo "no first argument passed, staying in cwd"
+	cd "$1" || echo "no first argument passed, staying in cwd"
 fi
 
 ROOTPWD=$(pwd)
@@ -12,58 +12,58 @@
 # change to owner of host/ if running as root
 # prevents nginx being unable to read files owned by root
 if [ "$(id -u)" -eq 0 ]; then
-  echo "switching to $ROOTPWDOWNER in order to preserve permissions"
-  exec sudo -u $ROOTPWDOWNER "$0" "$@"
+	echo "switching to $ROOTPWDOWNER in order to preserve permissions"
+	exec sudo -u $ROOTPWDOWNER "$0" "$@"
 fi
 
 KEYFILE="$ROOTPWD/local/tiny_account.key"
 for SITEROOT in "$ROOTPWD"/sites/*; do
-  {
-    # Skip if not a directory
-    [ -d "$SITEROOT" ] || continue
+	{
+		# Skip if not a directory
+		[ -d "$SITEROOT" ] || continue
 
-    DOMAIN=$(basename "$SITEROOT")
-    SSLDIR="$SITEROOT/ssl"
-    CSRFILE="$SSLDIR/$DOMAIN.csr"
-    FULLCHAIN="$SSLDIR/fullchain.cer"
-    CHALLENGEDIR="$SITEROOT/.well-known/acme-challenge"
-    TMPOUT="$SSLDIR/$DOMAIN.crt.tmp"
-    echo "Processing domain: $DOMAIN"
+		DOMAIN=$(basename "$SITEROOT")
+		SSLDIR="$SITEROOT/ssl"
+		CSRFILE="$SSLDIR/$DOMAIN.csr"
+		FULLCHAIN="$SSLDIR/fullchain.cer"
+		CHALLENGEDIR="$SITEROOT/.well-known/acme-challenge"
+		TMPOUT="$SSLDIR/$DOMAIN.crt.tmp"
+		echo "Processing domain: $DOMAIN"
 
-    # local_https.sh does not create a csr file, assume
-    # it is a self-signed local cert if it doesn't exist
-    if [ ! -f "$CSRFILE" ]; then
-      echo "CSR file not found, assuming self-signed and skipping."
-      continue
-    fi
+		# local_https.sh does not create a csr file, assume
+		# it is a self-signed local cert if it doesn't exist
+		if [ ! -f "$CSRFILE" ]; then
+			echo "CSR file not found, assuming self-signed and skipping."
+			continue
+		fi
 
-    mkdir -p "$CHALLENGEDIR"
+		mkdir -p "$CHALLENGEDIR"
 
-    "$ROOTPWD/acme_tiny" \
-      --account-key "$KEYFILE" \
-      --csr "$CSRFILE" \
-      --acme-dir "$CHALLENGEDIR" \
-      >"$TMPOUT"
+		"$ROOTPWD/acme_tiny" \
+			--account-key "$KEYFILE" \
+			--csr "$CSRFILE" \
+			--acme-dir "$CHALLENGEDIR" \
+			>"$TMPOUT"
 
-    # If TMPOUT is empty, something failed.
-    # Do not modify the current fullchain.
-    if [ ! -s "$TMPOUT" ]; then
-      echo "Error: $TMPOUT is empty - please see previous output for details.\nContinuing to next domain..."
-      rm -f "$TMPOUT"
-      continue
-    fi
+		# If TMPOUT is empty, something failed.
+		# Do not modify the current fullchain.
+		if [ ! -s "$TMPOUT" ]; then
+			echo "Error: $TMPOUT is empty - please see previous output for details.\nContinuing to next domain..."
+			rm -f "$TMPOUT"
+			continue
+		fi
 
-    # check if exists
-    if [ -f "$FULLCHAIN" ]; then
-      mv $FULLCHAIN "$FULLCHAIN.old"
-    fi
+		# check if exists
+		if [ -f "$FULLCHAIN" ]; then
+			mv $FULLCHAIN "$FULLCHAIN.old"
+		fi
 
-    mv "$TMPOUT" "$FULLCHAIN"
+		mv "$TMPOUT" "$FULLCHAIN"
 
-    echo "Renewed certificate for $DOMAIN"
-  } || {
-    echo "Error processing $SITEROOT — skipping."
-  }
+		echo "Renewed certificate for $DOMAIN"
+	} || {
+		echo "Error processing $SITEROOT — skipping."
+	}
 done
 
 sudo /usr/local/bin/nginx -s reload -c "$(pwd)/local/nginx.conf"