From d24e5d393f9418c6c7fe0d9f261d60a1ae22f772 Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen
Date: Fri, 9 Aug 2019 14:25:42 +0300
Subject: [PATCH] acmesh-ssl.sh: use $DOMAINNAME & chmod the certificates
---
 bash/acmesh-ssl.sh | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/bash/acmesh-ssl.sh b/bash/acmesh-ssl.sh
index f00aca5..f00e82d 100644
--- a/bash/acmesh-ssl.sh
+++ b/bash/acmesh-ssl.sh
@@ -7,23 +7,27 @@
 # certificate copies.
 # Used with crontab.
-# Where the certificate files are
-CERTDIR=/root/.acme.sh/relpda.mikaela.info
-# TODO when it generally works
-#DOMAINNAME=relpda.mikaela.info
+# The domain the certs are mainly issued for and is part of the CERTDIR name
+DOMAINNAME=relpda.mikaela.info
+# Where the certificates are stored
+CERTDIR=/root/.acme.sh/$DOMAINNAME
 # Syncplay - TODO https://github.com/Syncplay/syncplay/issues/250
 cp $CERTDIR/fullchain.cer /opt/syncplay/ssl/chain.pem
-cp $CERTDIR/relpda.mikaela.info.key /opt/syncplay/ssl/privkey.pem
-cp $CERTDIR/relpda.mikaela.info.cer /opt/syncplay/ssl/cert.pem
+cp $CERTDIR/$DOMAINNAME.key /opt/syncplay/ssl/privkey.pem
+cp $CERTDIR/$DOMAINNAME.cer /opt/syncplay/ssl/cert.pem
+chmod -R 700 /opt/syncplay/ssl
 chown -R syncplay:root /opt/syncplay/ssl
 # Mumble
-cp $CERTDIR/{fullchain.cer,relpda.mikaela.info.key} /var/lib/mumble-server/ssl/
+cp $CERTDIR/{fullchain.cer,$DOMAINNAME.key} /var/lib/mumble-server/ssl/
+chmod -R 700 /var/lib/mumble-server/ssl/
 chown -R mumble-server:mumble-server /var/lib/mumble-server/ssl/
 # 1.3.0+ reloads certificate without restart on SIGUSR1
 pkill $(cat /var/run/mumble-server/mumble-server.pid) -USR1
 # ZNC originally via https://wiki.znc.in/Signed_SSL_certificate#Certbot
 # then adjusted to certbot as Mumble above
-cat $CERTDIR/{relpda.mikaela.info.key,fullchain.cer} > /home/znc/.znc/znc.pem
+cat $CERTDIR/{$DOMAINNAME.key,fullchain.cer} > /home/znc/.znc/znc.pem
+chmod 700 /home/znc/.znc/znc.pem
+chown znc:znc /home/znc/.znc/znc.pem
\ No newline at end of file
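Review bot: The added `chmod` lines run only after `cp` / `cat >` have already written the private-key copies, so whenever a destination file does not yet exist the key is created with whatever root's umask allows and keeps that mode until the chmod executes; this applies to the Syncplay, Mumble and ZNC sections alike. Putting `umask 077` before the first `cp`, or copying with `install -m 600 -o syncplay -g root "$CERTDIR/$DOMAINNAME.key" /opt/syncplay/ssl/privkey.pem`, closes that window. Mode 700 also sets the execute bit on key and certificate files; `chmod -R u=rwX,go=` keeps the directories traversable while newly copied files end up at 600. Separately, the unchanged `pkill $(cat …mumble-server.pid) -USR1` line passes a PID where pkill expects a process-name pattern, so the reload signal probably never reaches Mumble; `kill -USR1 "$(cat /var/run/mumble-server/mumble-server.pid)"` is likely what was meant.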