acmesh-ssl.sh: read the fine manual

2024-11-23 03:39:23 +01:00 · 2019-08-09 16:03:39 +03:00 · 2019-08-09 16:03:39 +03:00 · 91b53784da
commit 91b53784da
parent 9fe2c9bfb3
1 changed files with 11 additions and 18 deletions
--- a/bash/acmesh-ssl.sh
+++ b/bash/acmesh-ssl.sh
@ -7,33 +7,26 @@
 # certificate copies.
 # Used with crontab.

-# The domain the certs are mainly issued for and is part of the CERTDIR name
+# The domain the certs are mainly issued for
 DOMAINNAME=relpda.mikaela.info
-# Where the certificates are stored
-CERTDIR=/root/.acme.sh/$DOMAINNAME
+
+# Where is acme.sh + flags applying to them all
+ACMESH="/root/.acme.sh/acme.sh --install-cert -d $DOMAINNAME"

 # Syncplay - TODO https://github.com/Syncplay/syncplay/issues/250
-cp $CERTDIR/fullchain.cer /opt/syncplay/ssl/chain.pem
-cp $CERTDIR/$DOMAINNAME.key /opt/syncplay/ssl/privkey.pem
-cp $CERTDIR/$DOMAINNAME.cer /opt/syncplay/ssl/cert.pem
+$ACMESH --cert-file /opt/syncplay/ssl/cert.pem --key-file /opt/syncplay/ssl/privkey.pem --fullchain-file /opt/syncplay/ssl/chain.pem --reloadcmd "systemctl restart syncplay-server --quiet"
 chmod -R 700 /opt/syncplay/ssl
 chown -R syncplay:root /opt/syncplay/ssl

 # Mumble
-cp $CERTDIR/{fullchain.cer,$DOMAINNAME.key} /var/lib/mumble-server/ssl/
+$ACMESH --fullchain-file /var/lib/mumble-server/ssl/fullchain.cer --key-file /var/lib/mumble-server/ssl/$DOMAINNAME.key --reloadcmd "systemctl restart mumble-server --quiet"
+# future on 1.3.0 +
+# --reloadcmd "pkill $(cat /var/run/mumble-server/mumble-server.pid) -USR1"
 chmod -R 700 /var/lib/mumble-server/ssl/
 chown -R mumble-server:mumble-server /var/lib/mumble-server/ssl/
-# 1.3.0+ reloads certificate without restart on SIGUSR1
-pkill $(cat /var/run/mumble-server/mumble-server.pid) -USR1

-# ZNC originally via https://wiki.znc.in/Signed_SSL_certificate#Certbot
-# then adjusted to certbot as Mumble above
-# Old method before ZNC 1.7.0
-#cat $CERTDIR/{$DOMAINNAME.key,fullchain.cer} > /home/znc/.znc/znc.pem
-#chmod 700 /home/znc/.znc/znc.pem
-#chown znc:znc /home/znc/.znc/znc.pem
-# New method since ZNC 1.7.0 (SSLCertFile & SSLKeyFile in znc.conf)
+# ZNC 1.7.0 (SSLCertFile & SSLKeyFile in znc.conf)
 # znc.conf's SSLDHParamFile is created by `openssl dhparam 2048 > /home/znc/.znc/ssl/dh.pem`
-cp $CERTDIR/{fullchain.cer,$DOMAINNAME.key} /home/znc/.znc/ssl/
+$ACMESH --fullchain-file /home/znc/.znc/ssl/fullchain.cer --key-file /home/znc/.znc/ssl/$DOMAINNAME.key
 chmod -R 700 /home/znc/.znc/ssl/
-chown -R znc:znc /home/znc/.znc/ssl/
+chown -R znc:znc /home/znc/.znc/ssl/