view host/renewSsl.sh @ 2048:59f3a7f3d10b acme-tiny tip

add check for local_https in renewSsl.sh
author Violet7
date Tue, 11 Nov 2025 01:45:02 -0800
parents a4435e2e3417
children

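#!/bin/bash
#
# Renew the ACME certificate of every site found under <root>/sites/ and
# reload nginx afterwards.
#
# Usage: renewSsl.sh <root>
#   <root> must contain acme_tiny.py, local/tiny_account.key and sites/<domain>/.
#
# A site without a <domain>.csr file is skipped: local_https.sh does not create
# one, so such a site is assumed to carry a self-signed local certificate.
#
# A failure on one site is reported and the loop moves on to the next site.
# The live fullchain.cer is replaced only after acme_tiny.py exited
# successfully and its output contains a PEM certificate.

set -e
cd "$1" || exit 1

ROOTPWD=$(pwd)
KEYFILE="$ROOTPWD/local/tiny_account.key"

#######################################
# Renew the certificate of a single site directory.
# Globals:   ROOTPWD, KEYFILE (read)
# Arguments: $1 - absolute path of the site directory (its name is the domain)
# Outputs:   progress on stdout, diagnostics on stderr
# Returns:   0 when renewed or skipped (no CSR), non-zero on any failure
#######################################
renew_site() {
  local SITEROOT=$1
  local DOMAIN CSRFILE FULLCHAIN CHALLENGEDIR TMPOUT MODE

  DOMAIN=$(basename "$SITEROOT")
  CSRFILE="$SITEROOT/$DOMAIN.csr"
  FULLCHAIN="$SITEROOT/fullchain.cer"
  CHALLENGEDIR="$SITEROOT/site/.well-known/acme-challenge"
  echo "Processing domain: $DOMAIN"

  # local_https.sh does not create a csr file, assume
  # it is a self-signed local cert if it doesn't exist
  if [ ! -f "$CSRFILE" ]; then
    echo "CSR file not found, assuming self-signed and skipping."
    return 0
  fi

  # This function is called from an `if`, where `set -e` is ignored, so every
  # step that matters is checked explicitly.
  mkdir -p "$CHALLENGEDIR" || return 1

  # Stage the new chain next to its destination instead of under a fixed name
  # in /tmp: a predictable path in a world-writable directory can be
  # pre-created (for instance as a symlink) by another local user, and staying
  # on the same filesystem makes the final mv an atomic rename.
  TMPOUT=$(mktemp "$FULLCHAIN.XXXXXX") || return 1

  if ! python3 "$ROOTPWD/acme_tiny.py" \
    --account-key "$KEYFILE" \
    --csr "$CSRFILE" \
    --acme-dir "$CHALLENGEDIR" \
    > "$TMPOUT"; then
    rm -f -- "$TMPOUT"
    return 1
  fi

  # Never install an empty or truncated file over a working certificate.
  if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$TMPOUT"; then
    echo "No certificate in acme_tiny.py output for $DOMAIN" >&2
    rm -f -- "$TMPOUT"
    return 1
  fi

  # mktemp creates the file with mode 0600; give it the mode a plain
  # redirection would have produced under the current umask.
  MODE=$(printf '%o' "$((0666 & ~0$(umask)))")
  if ! chmod "$MODE" "$TMPOUT"; then
    rm -f -- "$TMPOUT"
    return 1
  fi

  # Keep the previous chain as a backup. It is copied rather than moved so
  # that fullchain.cer exists at every moment.
  if [ -f "$FULLCHAIN" ]; then
    if ! cp -p -- "$FULLCHAIN" "$FULLCHAIN.old"; then
      rm -f -- "$TMPOUT"
      return 1
    fi
  fi

  if ! mv -- "$TMPOUT" "$FULLCHAIN"; then
    rm -f -- "$TMPOUT"
    return 1
  fi

  echo "Renewed certificate for $DOMAIN"
}

for SITEROOT in "$ROOTPWD"/sites/*; do
  # Skip if not a directory
  [ -d "$SITEROOT" ] || continue

  if ! renew_site "$SITEROOT"; then
    echo "Error processing $SITEROOT — skipping."
  fi
done

sudo /usr/local/bin/nginx -s reload
echo "Nginx reloaded."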