changeset 2119:57381da15e68 ssltesting tip
remove renewSsl.sh and renewSsl.plist
| author | Violet7 |
|---|---|
| date | Tue, 06 Jan 2026 15:10:58 -0800 |
| parents | 4253d6dfd737 |
| children | |
| files | host/macos/renewSsl.plist host/renewSsl.sh |
| diffstat | 2 files changed, 0 insertions(+), 104 deletions(-) [+] |
--- a/host/macos/renewSsl.plist Tue Jan 06 15:05:40 2026 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
- <dict>
- <key>Label</key>
- <string>com.luanhost.renewSsl</string>
- <key>ProgramArguments</key>
- <array>
- <string>ROOT/renewSsl.sh</string>
- <string>ROOT</string>
- </array>
- <key>StartCalendarInterval</key>
- <array>
- <dict>
- <key>Day</key>
- <integer>1</integer>
- <key>Hour</key>
- <integer>00</integer>
- <key>Minute</key>
- <integer>00</integer>
- </dict>
- </array>
- <key>AbandonProcessGroup</key>
- <true/>
- <key>UserName</key>
- <string>USER</string>
- <key>StandardErrorPath</key>
- <string>LOG</string>
- <key>StandardOutPath</key>
- <string>LOG</string>
- <key>RunAtLoad</key><false/>
- <key>KeepAlive</key><false/>
- </dict>
-</plist>
--- a/host/renewSsl.sh Tue Jan 06 15:05:40 2026 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,70 +0,0 @@
-#!/bin/bash
-set -e
-
-if [ -n "$1" ]; then
- cd "$1" || echo "no first argument passed, staying in cwd"
-fi
-
-ROOTPWD=$(pwd)
-# this awkward method is used for portability
-ROOTPWDOWNER=$(ls -ld $ROOTPWD | awk '{printf "%s", $3}')
-
-# change to owner of host/ if running as root
-# prevents nginx being unable to read files owned by root
-if [ "$(id -u)" -eq 0 ]; then
- echo "switching to $ROOTPWDOWNER in order to preserve permissions"
- exec sudo -u $ROOTPWDOWNER "$0" "$@"
-fi
-
-KEYFILE="$ROOTPWD/local/tiny_account.key"
-for SITEROOT in "$ROOTPWD"/sites/*; do
- {
- # Skip if not a directory
- [ -d "$SITEROOT" ] || continue
-
- DOMAIN=$(basename "$SITEROOT")
- SSLDIR="$SITEROOT/ssl"
- CSRFILE="$SSLDIR/$DOMAIN.csr"
- FULLCHAIN="$SSLDIR/fullchain.cer"
- CHALLENGEDIR="$SSLDIR/.well-known/acme-challenge"
- TMPOUT="$SSLDIR/$DOMAIN.crt.tmp"
- echo "Processing domain: $DOMAIN"
-
- # local_https.sh does not create a csr file, assume
- # it is a self-signed local cert if it doesn't exist
- if [ ! -f "$CSRFILE" ]; then
- echo "CSR file not found, assuming self-signed and skipping."
- continue
- fi
-
- mkdir -p "$CHALLENGEDIR"
-
- "$ROOTPWD/acme_tiny" \
- --account-key "$KEYFILE" \
- --csr "$CSRFILE" \
- --acme-dir "$CHALLENGEDIR" \
- >"$TMPOUT"
-
- # If TMPOUT is empty, something failed.
- # Do not modify the current fullchain.
- if [ ! -s "$TMPOUT" ]; then
- echo "Error: $TMPOUT is empty - please see previous output for details.\nContinuing to next domain..."
- rm -f "$TMPOUT"
- continue
- fi
-
- # check if exists
- if [ -f "$FULLCHAIN" ]; then
- mv $FULLCHAIN "$FULLCHAIN.old"
- fi
-
- mv "$TMPOUT" "$FULLCHAIN"
-
- echo "Renewed certificate for $DOMAIN"
- } || {
- echo "Error processing $SITEROOT — skipping."
- }
-done
-
-sudo /usr/local/bin/nginx -s reload -c "$(pwd)/local/nginx.conf"
-echo "Nginx reloaded."
