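#!/bin/bash
#
# Requests missing Let's Encrypt certificates, renews the existing ones, then
# deploys combined PEM files to HAProxy and imports the certificates into
# Prosody.
#
# Inputs:
#   /etc/haproxy/all-domains.txt  one domain per line; a certificate is
#                                 requested for every domain that has no
#                                 directory under /etc/letsencrypt/live yet
#   /etc/haproxy/domains.txt      domains whose certificate is copied to
#                                 /etc/haproxy/certs

# Abort on a failing command, on an unset variable, and when any stage of a
# pipeline fails (plain `set -e` ignores a failing `find` on the left of a pipe).
set -euo pipefail

# request certificates
# `|| [ -n "$domain" ]` keeps a final line that has no trailing newline.
while read -r domain || [ -n "$domain" ]
do
  # A blank line would otherwise end up as `certbot -d ""`.
  if [ -z "$domain" ]
  then
    continue
  fi

  if [ ! -d "/etc/letsencrypt/live/$domain" ]
  then
    # The request used to pass --standalone together with --webroot; certbot
    # refuses a command line that selects two authenticators. Only --webroot
    # is kept so issuance uses the same challenge path as the renewal below.
    # NOTE(review): confirm webroot (not standalone) is the intended method.
    #
    # stdin comes from /dev/null so certbot can never consume the remaining
    # lines of the domain list that feeds this loop.
    certbot certonly \
      -d "$domain" \
      --non-interactive \
      --agree-tos \
      --email micha@0rpheus.net \
      --rsa-key-size 4096 \
      --webroot \
      --webroot-path /var/www/html < /dev/null
  fi
done < /etc/haproxy/all-domains.txt

# renew all certificates
certbot renew \
  --rsa-key-size 4096 \
  --webroot \
  --webroot-path /var/www/html

# copy certificates
find /etc/letsencrypt/live/ -mindepth 1 -maxdepth 1 -type d | while read -r domain_path
do
  domain=$(basename "$domain_path")

  # -F -x: compare the name literally against a whole line. A plain regex
  # match treats "." as a wildcard and also accepts substrings, so
  # "example.com" would match an entry such as "sub.example.com" and deploy
  # a private key for a domain that was never listed.
  # NOTE(review): assumes domains.txt holds exactly one domain per line, like
  # all-domains.txt - confirm.
  if grep -qxF -- "$domain" /etc/haproxy/domains.txt
  then
    pem_file=/etc/haproxy/certs/$domain.pem
    # The combined file contains the private key. Creating it under umask 077
    # means a new file is never readable by group/other, not even for the
    # moment before chmod runs; the subshell keeps the umask change local.
    (
      umask 077
      cat "$domain_path/fullchain.pem" "$domain_path/privkey.pem" > "$pem_file"
    )
    # Also tightens a file that already existed with looser permissions.
    chmod 600 "$pem_file"
  fi
done

systemctl reload haproxy
/usr/local/bin/ocsp_update.sh

# prosody cert
prosodyctl --root cert import /etc/letsencrypt/live
systemctl restart prosody.service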