changeset 2119:57381da15e68 ssltesting tip

remove renewSsl.sh and renewSsl.plist
author Violet7
date Tue, 06 Jan 2026 15:10:58 -0800
parents 4253d6dfd737
children
files host/macos/renewSsl.plist host/renewSsl.sh
diffstat 2 files changed, 0 insertions(+), 104 deletions(-) [+]
--- a/host/macos/renewSsl.plist	Tue Jan 06 15:05:40 2026 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-    <dict>
-        <key>Label</key>
-            <string>com.luanhost.renewSsl</string>
-        <key>ProgramArguments</key>
-        <array>
-            <string>ROOT/renewSsl.sh</string>
-            <string>ROOT</string>
-        </array>
-        <key>StartCalendarInterval</key>
-        <array>
-            <dict>
-                <key>Day</key>
-                <integer>1</integer>
-                <key>Hour</key>
-                <integer>00</integer>
-                <key>Minute</key>
-                <integer>00</integer>
-            </dict>
-        </array>
-        <key>AbandonProcessGroup</key>
-            <true/>
-        <key>UserName</key>
-            <string>USER</string>
-        <key>StandardErrorPath</key>
-            <string>LOG</string>
-        <key>StandardOutPath</key>
-            <string>LOG</string>
-        <key>RunAtLoad</key><false/>
-        <key>KeepAlive</key><false/>
-    </dict>
-</plist>
--- a/host/renewSsl.sh	Tue Jan 06 15:05:40 2026 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,70 +0,0 @@
-#!/bin/bash
-set -e
-
-if [ -n "$1" ]; then
-	cd "$1" || echo "no first argument passed, staying in cwd"
-fi
-
-ROOTPWD=$(pwd)
-# this awkward method is used for portability
-ROOTPWDOWNER=$(ls -ld $ROOTPWD | awk '{printf "%s", $3}')
-
-# change to owner of host/ if running as root
-# prevents nginx being unable to read files owned by root
-if [ "$(id -u)" -eq 0 ]; then
-	echo "switching to $ROOTPWDOWNER in order to preserve permissions"
-	exec sudo -u $ROOTPWDOWNER "$0" "$@"
-fi
-
-KEYFILE="$ROOTPWD/local/tiny_account.key"
-for SITEROOT in "$ROOTPWD"/sites/*; do
-	{
-		# Skip if not a directory
-		[ -d "$SITEROOT" ] || continue
-
-		DOMAIN=$(basename "$SITEROOT")
-		SSLDIR="$SITEROOT/ssl"
-		CSRFILE="$SSLDIR/$DOMAIN.csr"
-		FULLCHAIN="$SSLDIR/fullchain.cer"
-		CHALLENGEDIR="$SSLDIR/.well-known/acme-challenge"
-		TMPOUT="$SSLDIR/$DOMAIN.crt.tmp"
-		echo "Processing domain: $DOMAIN"
-
-		# local_https.sh does not create a csr file, assume
-		# it is a self-signed local cert if it doesn't exist
-		if [ ! -f "$CSRFILE" ]; then
-			echo "CSR file not found, assuming self-signed and skipping."
-			continue
-		fi
-
-		mkdir -p "$CHALLENGEDIR"
-
-		"$ROOTPWD/acme_tiny" \
-			--account-key "$KEYFILE" \
-			--csr "$CSRFILE" \
-			--acme-dir "$CHALLENGEDIR" \
-			>"$TMPOUT"
-
-		# If TMPOUT is empty, something failed.
-		# Do not modify the current fullchain.
-		if [ ! -s "$TMPOUT" ]; then
-			echo "Error: $TMPOUT is empty - please see previous output for details.\nContinuing to next domain..."
-			rm -f "$TMPOUT"
-			continue
-		fi
-
-		# check if exists
-		if [ -f "$FULLCHAIN" ]; then
-			mv $FULLCHAIN "$FULLCHAIN.old"
-		fi
-
-		mv "$TMPOUT" "$FULLCHAIN"
-
-		echo "Renewed certificate for $DOMAIN"
-	} || {
-		echo "Error processing $SITEROOT — skipping."
-	}
-done
-
-sudo /usr/local/bin/nginx -s reload -c "$(pwd)/local/nginx.conf"
-echo "Nginx reloaded."