|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
# New cert
|
|
|
|
DOM=${1}
|
|
|
|
KEY=${2}
|
|
|
|
CRT=${3}
|
|
|
|
CHAIN=${4}
|
|
|
|
|
|
|
|
if [ -z $DOM -o -z $KEY -o -z $CRT -o -z $CHAIN ]; then
|
|
|
|
echo "Usage: $0 domain /path/to/key /path/to/cert /path/to/chain" >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ \! -e "$KEY" ]; then
|
|
|
|
echo "Can't use $KEY as key (file doesn't exist)" >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
if [ \! -e "$CRT" ]; then
|
|
|
|
echo "Can't use $CRT as certificate (file doesn't exist)" >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
if [ \! -e "$CHAIN" ]; then
|
|
|
|
echo "Can't use $chain as certificate chain (file doesn't exist)" >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
/sbin/e-smith/db configuration setprop modSSL key $KEY crt $CRT CertificateChainFile $CHAIN
|
|
|
|
# There's a new ssl-udpate event which update everything in a single event
|
|
|
|
# fallback to manual operations if this event doesn't exist
|
|
|
|
if [ -d /etc/e-smith/events/ssl-update ]; then
|
|
|
|
/sbin/e-smith/signal-event ssl-update
|
|
|
|
else
|
|
|
|
/sbin/e-smith/expand-template /home/e-smith/db/ssl.pem/pem
|
|
|
|
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
|
|
|
|
/sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/cert.pem
|
|
|
|
/usr/bin/sv 1 /service/httpd-e-smith
|
|
|
|
/usr/bin/sv h /service/ldap
|
|
|
|
/usr/bin/sv 1 /service/pop3s
|
|
|
|
/usr/bin/sv h /service/qpsmtpd
|
|
|
|
/usr/bin/sv h /service/sqpsmtpd
|
|
|
|
if [ -d /service/dovecot ]; then
|
|
|
|
/usr/bin/sv 1 /service/dovecot
|
|
|
|
/usr/bin/sv h /service/dovecot
|
|
|
|
else
|
|
|
|
/usr/bin/sv 1 /service/imaps
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
# Now revoke old certificates
|
|
|
|
CUR_CRT=$(readlink /home/e-smith/db/letsencrypt.sh/certs/$DOM/cert.pem)
|
|
|
|
for cert in $(find /home/e-smith/db/letsencrypt.sh/certs/$DOM/ -type f -name cert\*.pem -exec basename "{}" \;); do
|
|
|
|
if [[ "$cert" != "$CUR_CRT" ]]; then
|
|
|
|
/usr/bin/letsencrypt.sh -r /home/e-smith/db/letsencrypt.sh/certs/$DOM/$cert
|
|
|
|
fi
|
|
|
|
done
|