#!/bin/sh # New cert DOM=${1} KEY=${2} CRT=${3} CHAIN=${4} if [ -z $DOM -o -z $KEY -o -z $CRT -o -z $CHAIN ]; then echo "Usage: $0 domain /path/to/key /path/to/cert /path/to/chain" >&2 exit 1 fi if [ \! -e "$KEY" ]; then echo "Can't use $KEY as key (file doesn't exist)" >&2 exit 1 fi if [ \! -e "$CRT" ]; then echo "Can't use $CRT as certificate (file doesn't exist)" >&2 exit 1 fi if [ \! -e "$CHAIN" ]; then echo "Can't use $chain as certificate chain (file doesn't exist)" >&2 exit 1 fi /sbin/e-smith/db configuration setprop modSSL key $KEY crt $CRT CertificateChainFile $CHAIN # There's a new ssl-udpate event which update everything in a single event # fallback to manual operations if this event doesn't exist if [ -d /etc/e-smith/events/ssl-update ]; then /sbin/e-smith/signal-event ssl-update else /sbin/e-smith/expand-template /home/e-smith/db/ssl.pem/pem /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf /sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/cert.pem /usr/bin/sv 1 /service/httpd-e-smith /usr/bin/sv h /service/ldap /usr/bin/sv 1 /service/pop3s /usr/bin/sv h /service/qpsmtpd /usr/bin/sv h /service/sqpsmtpd if [ -d /service/dovecot ]; then /usr/bin/sv 1 /service/dovecot /usr/bin/sv h /service/dovecot else /usr/bin/sv 1 /service/imaps fi fi # Now revoke old certificates CUR_CRT=$(readlink /home/e-smith/db/letsencrypt.sh/certs/$DOM/cert.pem) for cert in $(find /home/e-smith/db/letsencrypt.sh/certs/$DOM/ -type f -name cert\*.pem -exec basename "{}" \;); do if [[ "$cert" != "$CUR_CRT" ]]; then /usr/bin/letsencrypt.sh -r /home/e-smith/db/letsencrypt.sh/certs/$DOM/$cert fi done