changeset 2037:a4435e2e3417 acme-tiny

Edit scripts to use acme-tiny
author Violet7
date Sat, 08 Nov 2025 04:29:49 -0800
parents 2740f8a9ba3a
children b4b3017ac28d
files host/renewSsl.sh host/startup/nginx/nginx.conf.luan host/startup/nginx/nginx.default.conf.luan host/update.sh src/luan/host/https.luan
diffstat 5 files changed, 35 insertions(+), 16 deletions(-) [+]
--- a/host/renewSsl.sh	Wed Nov 05 21:49:39 2025 -0800
+++ b/host/renewSsl.sh	Sat Nov 08 04:29:49 2025 -0800
@@ -1,9 +1,32 @@
 #!/bin/bash
 
-cd "$1";
+cd "$1" || exit 1
+ROOTPWD=$(pwd)
 
-ROOTPWD=$(pwd);
+for SITEROOT in "$ROOTPWD"/sites/*; do
+	# Skip if not a directory
+	[ -d "$SITEROOT" ] || continue
+
+	DOMAIN=$(basename "$SITEROOT")
+	echo "Processing domain: $DOMAIN"
+
+	mkdir -p "$SITEROOT/site/.well-known/acme-challenge"
 
-./acme.sh --renew-all --cert-home "$ROOTPWD"/sites --config-home "$ROOTPWD"/local/letsencrypt/config;
+	python3 "$ROOTPWD/acme_tiny.py" \
+		--account-key "$ROOTPWD/local/tiny_account.key" \
+		--csr "$SITEROOT/$DOMAIN.csr" \
+		--acme-dir "$SITEROOT/site/.well-known/acme-challenge" \
+		> "/tmp/$DOMAIN.crt"
 
-sudo /usr/local/bin/nginx -s reload;
+	# check if exists
+	if [ -f "$SITEROOT/fullchain.cer" ]; then
+		mv "$SITEROOT/fullchain.cer" "$SITEROOT/fullchain.cer.old"
+	fi
+
+	mv "/tmp/$DOMAIN.crt" "$SITEROOT/fullchain.cer"
+
+	echo "Renewed certificate for $DOMAIN"
+done
+
+sudo /usr/local/bin/nginx -s reload
+echo "Nginx reloaded."
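Review bot: The exit status of the `python3 "$ROOTPWD/acme_tiny.py"` call is never checked, and the script has no `set -e`, so a failed renewal leaves an empty `/tmp/$DOMAIN.crt` which the unconditional `mv` then installs over a still-valid `fullchain.cer` before nginx is reloaded. The output path is also a predictable name in the shared `/tmp`, so any local user who pre-creates that file or symlink controls what gets installed as the site certificate; writing the temporary file next to its destination with `mktemp` avoids that and keeps the final `mv` on one filesystem. I would also skip the `fullchain.cer.old` rotation and the success message when the renewal fails, and leave the `sudo nginx -s reload` as is.
```shell
	# Write the new cert next to its destination so the final mv is atomic,
	# and never replace a working fullchain.cer with the output of a failed run.
	tmpcrt=$(mktemp "$SITEROOT/fullchain.cer.XXXXXX") || { echo "mktemp failed for $DOMAIN" >&2; continue; }
	if ! python3 "$ROOTPWD/acme_tiny.py" \
		--account-key "$ROOTPWD/local/tiny_account.key" \
		--csr "$SITEROOT/$DOMAIN.csr" \
		--acme-dir "$SITEROOT/site/.well-known/acme-challenge" \
		> "$tmpcrt"; then
		echo "Renewal failed for $DOMAIN, keeping existing certificate" >&2
		rm -f -- "$tmpcrt"
		continue
	fi

	# … unchanged: rotate fullchain.cer to fullchain.cer.old …
	mv "$tmpcrt" "$SITEROOT/fullchain.cer"
```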
--- a/host/startup/nginx/nginx.conf.luan	Wed Nov 05 21:49:39 2025 -0800
+++ b/host/startup/nginx/nginx.conf.luan	Sat Nov 08 04:29:49 2025 -0800
@@ -27,5 +27,6 @@
 	}
 
 	include <%=rootDir%>/sites/*/nginx.ssl.conf;
+	include /tmp/acme_setup/*/nginx.acme_setup.conf;
 }
 <%
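Review bot: The new `include /tmp/acme_setup/*/nginx.acme_setup.conf;` pulls nginx configuration out of the world-writable `/tmp`, so whichever local user creates `/tmp/acme_setup` first (or a subdirectory in it, if the directory is not pre-created with restrictive ownership) gets to supply arbitrary server directives to nginx on its next reload. Nothing in this changeset shows who writes those files or with which permissions, so this is inferred; if they are generated by the host itself, keeping them under the owned tree, e.g. `include <%=rootDir%>/local/acme_setup/*/nginx.acme_setup.conf;`, removes the race without changing the glob. A short comment above the include naming the generator of these files would also help the next reader.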
--- a/host/startup/nginx/nginx.default.conf.luan	Wed Nov 05 21:49:39 2025 -0800
+++ b/host/startup/nginx/nginx.default.conf.luan	Sat Nov 08 04:29:49 2025 -0800
@@ -1,4 +1,4 @@
-local rootDir, leKey  = ...
+local rootDir = ...
 
 %>
 	client_max_body_size 32m;
@@ -14,11 +14,6 @@
 
 	charset utf-8;
 
-	location ~ "^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$" {
-		default_type text/plain;
-		return 200 "$1.<%=leKey%>";
-	}
-
 	location ~ /(?<path>.*) {
 		chunked_transfer_encoding off;
 		proxy_cache_key $scheme$host$request_uri;
--- a/host/update.sh	Wed Nov 05 21:49:39 2025 -0800
+++ b/host/update.sh	Sat Nov 08 04:29:49 2025 -0800
@@ -14,15 +14,15 @@
 rm -f logs/*
 hg identify >logs/changeset.txt
 
-if [ ! -f local/leKey.txt ]; then
-  echo Register letsencrypt
-  ./acme.sh --set-default-ca --server letsencrypt
-  ./acme.sh --register-account --server letsencrypt --cert-home ./sites --config-home local/letsencrypt/config 2>&1 | grep 'ACCOUNT_THUMBPRINT' | awk -F "'" '{print $2}' >local/leKey.txt
+if [ ! -f local/tiny_account.key ]; then
+  echo "Register letsencrypt (tiny-acme)"
+  openssl genrsa 4096 > local/tiny_account.key
 fi
 
 cp startup/nginx/mime.types local/mime.types
+# id -gn gets the name of the primary group of the current user (staff)
 luan startup/nginx/nginx.conf.luan $(pwd) $(whoami) $(id -gn) >local/nginx.conf
-luan startup/nginx/nginx.default.conf.luan $(pwd) $(cat local/leKey.txt) >local/nginx.default.conf
+luan startup/nginx/nginx.default.conf.luan $(pwd) >local/nginx.default.conf
 
 echo Starting...
 ./start.sh
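Review bot: `openssl genrsa 4096 > local/tiny_account.key` creates the ACME account private key with the caller's umask, so it is typically world-readable, and if `openssl` fails the redirection still leaves an empty `tiny_account.key` behind that the `[ ! -f … ]` guard will never regenerate. Both are fixed by letting openssl own the file under a restrictive umask and stopping on failure: `(umask 077; openssl genrsa -out local/tiny_account.key 4096) || exit 1`. The earlier hunk in this changeset reads the same key from `renewSsl.sh`, so that caller should be checked to run as the user who owns it.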
--- a/src/luan/host/https.luan	Wed Nov 05 21:49:39 2025 -0800
+++ b/src/luan/host/https.luan	Sat Nov 08 04:29:49 2025 -0800
@@ -120,7 +120,7 @@
 
 				-- Finally, get our cert signed by letsencrypt.
 				local cmd = [[
-					python acme_tiny.py --account-key ./local/tiny_account.key \
+					python3 acme_tiny.py --account-key ./local/tiny_account.key \
 					--csr ]]..csr_file_str..[[ \
 					--acme-dir ]]..acme_challenges..[[ \
 				]]
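Review bot: Only the interpreter name changes here, but the command is still assembled by string concatenation, so `csr_file_str` and `acme_challenges` are interpolated unquoted into a shell line; if either can contain whitespace or shell metacharacters (which I cannot tell from this hunk), the command breaks or does something other than intended. Wrapping each interpolated path in single quotes inside the `[[ … ]]` fragments, e.g. `--csr ']]..csr_file_str..[[' \`, keeps the change local to these two lines. The enclosing function and the code that executes `cmd` lie outside this hunk.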