acmesh-ssl.sh: use $DOMAINNAME & chmod the certificates

bash/acmesh-ssl.sh

@@ -7,23 +7,27 @@
 # certificate copies.
 # Used with crontab.
 
-# Where the certificate files are
+# The domain the certs are mainly issued for and is part of the CERTDIR name
-CERTDIR=/root/.acme.sh/relpda.mikaela.info
+DOMAINNAME=relpda.mikaela.info
-# TODO when it generally works
+# Where the certificates are stored
-#DOMAINNAME=relpda.mikaela.info
+CERTDIR=/root/.acme.sh/$DOMAINNAME
 
 # Syncplay - TODO https://github.com/Syncplay/syncplay/issues/250
 cp $CERTDIR/fullchain.cer /opt/syncplay/ssl/chain.pem
-cp $CERTDIR/relpda.mikaela.info.key /opt/syncplay/ssl/privkey.pem
+cp $CERTDIR/$DOMAINNAME.key /opt/syncplay/ssl/privkey.pem
-cp $CERTDIR/relpda.mikaela.info.cer /opt/syncplay/ssl/cert.pem
+cp $CERTDIR/$DOMAINNAME.cer /opt/syncplay/ssl/cert.pem
+chmod -R 700 /opt/syncplay/ssl
 chown -R syncplay:root /opt/syncplay/ssl
 
 # Mumble
-cp $CERTDIR/{fullchain.cer,relpda.mikaela.info.key} /var/lib/mumble-server/ssl/
+cp $CERTDIR/{fullchain.cer,$DOMAINNAME.key} /var/lib/mumble-server/ssl/
+chmod -R 700 /var/lib/mumble-server/ssl/
 chown -R mumble-server:mumble-server /var/lib/mumble-server/ssl/
 # 1.3.0+ reloads certificate without restart on SIGUSR1
 pkill $(cat /var/run/mumble-server/mumble-server.pid) -USR1
 
 # ZNC originally via https://wiki.znc.in/Signed_SSL_certificate#Certbot
 # then adjusted to certbot as Mumble above
-cat $CERTDIR/{relpda.mikaela.info.key,fullchain.cer} > /home/znc/.znc/znc.pem
+cat $CERTDIR/{$DOMAINNAME.key,fullchain.cer} > /home/znc/.znc/znc.pem
+chmod 700 /home/znc/.znc/znc.pem
+chown znc:znc /home/znc/.znc/znc.pem