From 91b53784da9601997e417dddd26769426a802c42 Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen
Date: Fri, 9 Aug 2019 16:03:39 +0300
Subject: [PATCH] acmesh-ssl.sh: read the fine manual
---
bash/acmesh-ssl.sh | 29 +++++++++++------------------
1 file changed, 11 insertions(+), 18 deletions(-)
diff --git a/bash/acmesh-ssl.sh b/bash/acmesh-ssl.sh
index 6df45d0..772a262 100644
--- a/bash/acmesh-ssl.sh
+++ b/bash/acmesh-ssl.sh
@@ -7,33 +7,26 @@ # certificate copies. # Used with crontab. -# The domain the certs are mainly issued for and is part of the CERTDIR name +# The domain the certs are mainly issued for DOMAINNAME=relpda.mikaela.info -# Where the certificates are stored -CERTDIR=/root/.acme.sh/$DOMAINNAME + +# Where is acme.sh + flags applying to them all +ACMESH="/root/.acme.sh/acme.sh --install-cert -d $DOMAINNAME" # Syncplay - TODO https://github.com/Syncplay/syncplay/issues/250 -cp $CERTDIR/fullchain.cer /opt/syncplay/ssl/chain.pem -cp $CERTDIR/$DOMAINNAME.key /opt/syncplay/ssl/privkey.pem -cp $CERTDIR/$DOMAINNAME.cer /opt/syncplay/ssl/cert.pem +$ACMESH --cert-file /opt/syncplay/ssl/cert.pem --key-file /opt/syncplay/ssl/privkey.pem --fullchain-file /opt/syncplay/ssl/chain.pem --reloadcmd "systemctl restart syncplay-server --quiet" chmod -R 700 /opt/syncplay/ssl chown -R syncplay:root /opt/syncplay/ssl # Mumble -cp $CERTDIR/{fullchain.cer,$DOMAINNAME.key} /var/lib/mumble-server/ssl/ +$ACMESH --fullchain-file /var/lib/mumble-server/ssl/fullchain.cer --key-file /var/lib/mumble-server/ssl/$DOMAINNAME.key --reloadcmd "systemctl restart mumble-server --quiet" +# future on 1.3.0 + +# --reloadcmd "pkill $(cat /var/run/mumble-server/mumble-server.pid) -USR1" chmod -R 700 /var/lib/mumble-server/ssl/ chown -R mumble-server:mumble-server /var/lib/mumble-server/ssl/ -# 1.3.0+ reloads certificate without restart on SIGUSR1 -pkill $(cat /var/run/mumble-server/mumble-server.pid) -USR1 -# ZNC originally via https://wiki.znc.in/Signed_SSL_certificate#Certbot -# then adjusted to certbot as Mumble above -# Old method before ZNC 1.7.0 -#cat $CERTDIR/{$DOMAINNAME.key,fullchain.cer} > /home/znc/.znc/znc.pem -#chmod 700 /home/znc/.znc/znc.pem -#chown znc:znc /home/znc/.znc/znc.pem -# New method since ZNC 1.7.0 (SSLCertFile & SSLKeyFile in znc.conf) +# ZNC 1.7.0 (SSLCertFile & SSLKeyFile in znc.conf) # znc.conf's SSLDHParamFile is created by `openssl dhparam 2048 > /home/znc/.znc/ssl/dh.pem` -cp 
$CERTDIR/{fullchain.cer,$DOMAINNAME.key} /home/znc/.znc/ssl/ +$ACMESH --fullchain-file /home/znc/.znc/ssl/fullchain.cer --key-file /home/znc/.znc/ssl/$DOMAINNAME.key chmod -R 700 /home/znc/.znc/ssl/ -chown -R znc:znc /home/znc/.znc/ssl/ \ No newline at end of file +chown -R znc:znc /home/znc/.znc/ssl/
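Review bot: The `--reloadcmd` restarts on the Syncplay and Mumble lines run inside `acme.sh --install-cert`, before the `chmod -R 700` / `chown -R` lines that follow, so any file acme.sh has just created is still root-owned when the service restarts and may not be readable by `syncplay` or `mumble-server`. Fixing ownership inside the reload command closes that ordering gap, e.g. `--reloadcmd "chown -R syncplay:root /opt/syncplay/ssl && systemctl restart syncplay-server --quiet"`, with the same pattern for Mumble. The ZNC line has no `--reloadcmd` at all, so ZNC presumably keeps serving the old certificate until it is restarted or rehashed by hand. acme.sh appears to record the install paths and reload command per domain, so three `--install-cert` calls for the same `-d` likely leave only the last (ZNC) target in the saved config; it is worth confirming that this cron script, not acme.sh's own renewal job, is what keeps all three copies current. If the commented `pkill $(cat …) -USR1` line is ever enabled, it should be single-quoted so the PID file is read at reload time rather than when the script runs, and `kill -USR1` is the command that takes a PID.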