# Parameters
CERT_PATH="/etc/letsencrypt/live/server.giorgioravera.it"
-SRC_CERT="$CERT_PATH/fullchain.pem"
+SRC_CERT="$CERT_PATH/cert.pem"
SRC_KEY="$CERT_PATH/privkey.pem"
+SRC_CHAIN="$CERT_PATH/chain.pem"
+SRC_FULLCHAIN="$CERT_PATH/fullchain.pem"
DST_PATH="/etc/ssl/giorgioravera.it/"
DST_CERT="$DST_PATH/cert.pem"
DST_KEY="$DST_PATH/privkey.pem"
+DST_CHAIN="$DST_PATH/chain.pem"
+DST_FULLCHAIN="$DST_PATH/fullchain.pem"
DST_SERVER="$DST_PATH/server.pem"
DST_TMP_PATH="/tmp"
DST_TMP_CERT="$DST_TMP_PATH/cert.pem"
DST_TMP_KEY="$DST_TMP_PATH/key.pem"
+DST_TMP_CHAIN="$DST_TMP_PATH/chain.pem"
+DST_TMP_FULLCHAIN="$DST_TMP_PATH/fullchain.pem"
DST_TMP_SERVER="$DST_TMP_PATH/server.pem"
PATH="$PATH:/usr/local/bin"
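Review bot: `SRC_CERT` now points at the leaf-only `cert.pem`, so any command that still reads `$DST_CERT` or `$DST_TMP_CERT` will install a certificate without its intermediates. The asterisk and pve commands visible in this diff were moved to `$DST_TMP_FULLCHAIN`, but host blocks outside the diff are not shown and should be checked for the old variable. A short comment above the block would keep the distinction visible, for example `# cert.pem = leaf only, chain.pem = intermediates, fullchain.pem = leaf + intermediates (what servers should present)`.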
ssh $USER@$HOST mkdir -p $DST_PATH
scp $SRC_CERT $USER@$HOST:$DST_CERT
scp $SRC_KEY $USER@$HOST:$DST_KEY
- ssh $USER@$HOST "cat $DST_CERT > $DST_SERVER"
+ scp $SRC_CHAIN $USER@$HOST:$DST_CHAIN
+ scp $SRC_FULLCHAIN $USER@$HOST:$DST_FULLCHAIN
+ ssh $USER@$HOST "cat $DST_FULLCHAIN > $DST_SERVER"
ssh $USER@$HOST "cat $DST_KEY >> $DST_SERVER"
ssh $USER@$HOST $COMMAND
else
if [ ! -z "$ALIVE" ]; then
scp $SRC_CERT $USER@$HOST:$DST_TMP_CERT
scp $SRC_KEY $USER@$HOST:$DST_TMP_KEY
- ssh $USER@$HOST "cat $DST_TMP_CERT > $DST_TMP_SERVER"
+ scp $SRC_CHAIN $USER@$HOST:$DST_TMP_CHAIN
+ scp $SRC_FULLCHAIN $USER@$HOST:$DST_TMP_FULLCHAIN
+ ssh $USER@$HOST "cat $DST_TMP_FULLCHAIN > $DST_TMP_SERVER"
ssh $USER@$HOST "cat $DST_TMP_KEY >> $DST_TMP_SERVER"
ssh $USER@$HOST $COMMAND
- ssh $USER@$HOST rm $DST_TMP_CERT $DST_TMP_KEY $DST_TMP_SERVER
+ ssh $USER@$HOST rm $DST_TMP_CERT $DST_TMP_KEY $DST_TMP_CHAIN $DST_TMP_FULLCHAIN $DST_TMP_SERVER
else
echo "Host $HOST not alive, skipped"
fi
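Review bot: The combined PEM is created by a remote shell redirection (`cat $DST_FULLCHAIN > $DST_SERVER`, and `cat $DST_TMP_FULLCHAIN > $DST_TMP_SERVER` in the else branch), so its mode comes from the remote account's umask, and the private key is then appended to it. In the else branch the file sits in `/tmp` under a fixed name, where a default umask would leave it readable by other local accounts until the final `rm`, and where another account could have created that name beforehand. Creating it under a restrictive mask, `ssh $USER@$HOST "umask 077 && cat $DST_TMP_FULLCHAIN > $DST_TMP_SERVER"`, and pointing `DST_TMP_PATH` at a directory only the deploy account can write would address both. The enclosing function starts before these lines, so whether a failed `scp` stops the sequence cannot be seen here.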
echo " ------------------------------- "
HOST="asterisk.giorgioravera.it"
USER="root"
- COMMAND="cat $DST_TMP_CERT > /etc/asterisk/keys/Asterisk.crt &&
- cat $DST_TMP_KEY > /etc/asterisk/keys/Asterisk.key &&
- cat $DST_TMP_CERT > /etc/httpd/pki/webserver.crt &&
- cat $DST_TMP_KEY > /etc/httpd/pki/webserver.key &&
- fwconsole certificate --import &&
- fwconsole certificate --default=0 &&
- fwconsole reload &&
- systemctl reload httpd.service"
+ COMMAND="cat $DST_TMP_FULLCHAIN > /etc/asterisk/keys/Asterisk.crt &&
+ cat $DST_TMP_KEY > /etc/asterisk/keys/Asterisk.key &&
+ cat $DST_TMP_FULLCHAIN > /etc/httpd/pki/webserver.crt &&
+ cat $DST_TMP_KEY > /etc/httpd/pki/webserver.key &&
+ fwconsole certificate --import &&
+ fwconsole certificate --default=0 &&
+ fwconsole reload &&
+ systemctl reload httpd.service"
update_certificate
echo ""
}
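Review bot: The two `cat $DST_TMP_KEY > …` lines (Asterisk.key and webserver.key) leave the private key's mode to whatever the target file already has, or to root's umask if the file is being created for the first time, which can produce a world-readable key. Setting the mode explicitly after each write, for instance `chmod 640 /etc/asterisk/keys/Asterisk.key` with the owner and group the service expects, would make the result deterministic; the right owner and group are not visible in this diff and need confirming on the host. The function that wraps this block starts outside the hunk.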
HOST="nas.giorgioravera.it"
USER="admin"
COMMAND="cat $DST_TMP_SERVER > /etc/stunnel/stunnel.pem &&
- openssl pkcs12 -export -in /etc/stunnel/stunnel.pem -out /etc/stunnel/stunnel.pk12 -name nas.giorgioravera.it -password pass: &&
- /etc/init.d/stunnel.sh restart"
- # /etc/init.d/plex.sh restart"
+ openssl pkcs12 -export -in /etc/stunnel/stunnel.pem -out /etc/stunnel/stunnel.pk12 -name nas.giorgioravera.it -password pass: &&
+ /etc/init.d/stunnel.sh restart"
+ #/etc/init.d/plex.sh restart"
update_certificate
echo ""
}
HOST="xenserver.giorgioravera.it"
USER="root"
COMMAND="cat $DST_TMP_SERVER > /etc/xensource/xapi-ssl.pem &&
- systemctl restart xapi.service"
+ systemctl restart xapi.service"
update_certificate
echo ""
}
echo " ------------------------------- "
HOST="pve.giorgioravera.it"
USER="root"
- COMMAND="cat $DST_TMP_CERT > /etc/pve/local/pveproxy-ssl.pem &&
- cat $DST_TMP_KEY > /etc/pve/local/pveproxy-ssl.key &&
- systemctl restart pveproxy.service &&
- systemctl restart nginx.service"
+ COMMAND="cat $DST_TMP_FULLCHAIN > /etc/pve/local/pveproxy-ssl.pem &&
+ cat $DST_TMP_KEY > /etc/pve/local/pveproxy-ssl.key &&
+ systemctl restart pveproxy.service &&
+ systemctl restart nginx.service"
update_certificate
echo ""
}