From 302b51ed94604dbeb0357fc0034160eecac8bd34 Mon Sep 17 00:00:00 2001
From: Giorgio Ravera
Date: Tue, 24 Oct 2023 14:18:22 +0200
Subject: [PATCH] Added chain and fullchain to update_certificate
---
 update_certificate | 50 +++++++++++++++++++++++++++-------------------
 1 file changed, 30 insertions(+), 20 deletions(-)
diff --git a/update_certificate b/update_certificate
index 33f710d..f488337 100755
--- a/update_certificate
+++ b/update_certificate
@@ -2,15 +2,21 @@
 # Parameters
 CERT_PATH="/etc/letsencrypt/live/server.giorgioravera.it"
-SRC_CERT="$CERT_PATH/fullchain.pem"
+SRC_CERT="$CERT_PATH/cert.pem"
 SRC_KEY="$CERT_PATH/privkey.pem"
+SRC_CHAIN="$CERT_PATH/chain.pem"
+SRC_FULLCHAIN="$CERT_PATH/fullchain.pem"
 DST_PATH="/etc/ssl/giorgioravera.it/"
 DST_CERT="$DST_PATH/cert.pem"
 DST_KEY="$DST_PATH/privkey.pem"
+DST_CHAIN="$DST_PATH/chain.pem"
+DST_FULLCHAIN="$DST_PATH/fullchain.pem"
 DST_SERVER="$DST_PATH/server.pem"
 DST_TMP_PATH="/tmp"
 DST_TMP_CERT="$DST_TMP_PATH/cert.pem"
 DST_TMP_KEY="$DST_TMP_PATH/key.pem"
+DST_TMP_CHAIN="$DST_TMP_PATH/chain.pem"
+DST_TMP_FULLCHAIN="$DST_TMP_PATH/fullchain.pem"
 DST_TMP_SERVER="$DST_TMP_PATH/server.pem"
 PATH="$PATH:/usr/local/bin"
@@ -22,7 +28,9 @@ function copy_certificate () {
 ssh $USER@$HOST mkdir -p $DST_PATH
 scp $SRC_CERT $USER@$HOST:$DST_CERT
 scp $SRC_KEY $USER@$HOST:$DST_KEY
- ssh $USER@$HOST "cat $DST_CERT > $DST_SERVER"
+ scp $SRC_CHAIN $USER@$HOST:$DST_CHAIN
+ scp $SRC_FULLCHAIN $USER@$HOST:$DST_FULLCHAIN
+ ssh $USER@$HOST "cat $DST_FULLCHAIN > $DST_SERVER"
 ssh $USER@$HOST "cat $DST_KEY >> $DST_SERVER"
 ssh $USER@$HOST $COMMAND
 else
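Review bot: The new staging paths `DST_TMP_CHAIN` and `DST_TMP_FULLCHAIN` in the `@@ -2,15 +2,21 @@` hunk are fixed names directly under `/tmp`, as are the existing `DST_TMP_KEY` and `DST_TMP_SERVER`, so every run stages the private key and the key-plus-chain bundle at a predictable location in a world-writable directory on each remote host. Where the host does not restrict it, a file or symlink already present at one of those names would be written through by `scp` and by the `cat … >` redirects in update_certificate (the `@@ -37,10 +45,12 @@` hunk), and the visible targets log in as `root` or `admin`. A private per-run directory avoids this, for example `DST_TMP_PATH=$(ssh "$USER@$HOST" 'umask 077; mktemp -d')` inside update_certificate. The `COMMAND` strings would then have to be built after that call, because they expand `$DST_TMP_*` at assignment time.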
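Review bot: The added `ssh $USER@$HOST "cat $DST_FULLCHAIN > $DST_SERVER"` in copy_certificate creates `server.pem` through a shell redirect, so when the file does not exist yet its mode comes from the remote login umask, and the next line appends the private key to it. With a typical umask of 022 that leaves the combined key bundle world-readable. Setting the mask and writing the bundle in one step closes the gap: `ssh "$USER@$HOST" "umask 077; cat $DST_FULLCHAIN $DST_KEY > $DST_SERVER"`. The same redirect pattern is added for `$DST_TMP_SERVER` in update_certificate (the `@@ -37,10 +45,12 @@` hunk). copy_certificate starts before and continues after this hunk.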
@@ -37,10 +45,12 @@ function update_certificate () {
 if [ ! -z "$ALIVE" ]; then
 scp $SRC_CERT $USER@$HOST:$DST_TMP_CERT
 scp $SRC_KEY $USER@$HOST:$DST_TMP_KEY
- ssh $USER@$HOST "cat $DST_TMP_CERT > $DST_TMP_SERVER"
+ scp $SRC_CHAIN $USER@$HOST:$DST_TMP_CHAIN
+ scp $SRC_FULLCHAIN $USER@$HOST:$DST_TMP_FULLCHAIN
+ ssh $USER@$HOST "cat $DST_TMP_FULLCHAIN > $DST_TMP_SERVER"
 ssh $USER@$HOST "cat $DST_TMP_KEY >> $DST_TMP_SERVER"
 ssh $USER@$HOST $COMMAND
- ssh $USER@$HOST rm $DST_TMP_CERT $DST_TMP_KEY $DST_TMP_SERVER
+ ssh $USER@$HOST rm $DST_TMP_CERT $DST_TMP_KEY $DST_TMP_CHAIN $DST_TMP_FULLCHAIN $DST_TMP_SERVER
 else
 echo "Host $HOST not alive, skipped"
 fi
@@ -77,14 +87,14 @@ function update_asterisk () {
 echo " ------------------------------- "
 HOST="asterisk.giorgioravera.it"
 USER="root"
- COMMAND="cat $DST_TMP_CERT > /etc/asterisk/keys/Asterisk.crt &&
- cat $DST_TMP_KEY > /etc/asterisk/keys/Asterisk.key &&
- cat $DST_TMP_CERT > /etc/httpd/pki/webserver.crt &&
- cat $DST_TMP_KEY > /etc/httpd/pki/webserver.key &&
- fwconsole certificate --import &&
- fwconsole certificate --default=0 &&
- fwconsole reload &&
- systemctl reload httpd.service"
+ COMMAND="cat $DST_TMP_FULLCHAIN > /etc/asterisk/keys/Asterisk.crt &&
+ cat $DST_TMP_KEY > /etc/asterisk/keys/Asterisk.key &&
+ cat $DST_TMP_FULLCHAIN > /etc/httpd/pki/webserver.crt &&
+ cat $DST_TMP_KEY > /etc/httpd/pki/webserver.key &&
+ fwconsole certificate --import &&
+ fwconsole certificate --default=0 &&
+ fwconsole reload &&
+ systemctl reload httpd.service"
 update_certificate
 echo ""
 }
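Review bot: None of the `scp` or `ssh` steps in the update_certificate hunk has its exit status checked, so unless `set -e` is enabled above the visible lines, a failed copy of `fullchain.pem` still runs `$COMMAND`, which installs whatever is at the staged paths and restarts the service. The fence below chains the staging steps with `&&` and runs `$COMMAND` only when all of them succeed. It keeps the cleanup outside the conditional so the staged key is removed on every path, and uses `rm -f` so a file that was never created does not produce an error. update_certificate begins before this hunk and its `else` branch is unchanged.

```shell
if [ ! -z "$ALIVE" ]; then
    # Stage every file first; stop at the first failure so a partial or stale set is never installed.
    if scp "$SRC_CERT" "$USER@$HOST:$DST_TMP_CERT" &&
       scp "$SRC_KEY" "$USER@$HOST:$DST_TMP_KEY" &&
       scp "$SRC_CHAIN" "$USER@$HOST:$DST_TMP_CHAIN" &&
       scp "$SRC_FULLCHAIN" "$USER@$HOST:$DST_TMP_FULLCHAIN" &&
       ssh "$USER@$HOST" "cat $DST_TMP_FULLCHAIN > $DST_TMP_SERVER" &&
       ssh "$USER@$HOST" "cat $DST_TMP_KEY >> $DST_TMP_SERVER"; then
        ssh "$USER@$HOST" $COMMAND || echo "Update on $HOST failed" >&2
    else
        echo "Staging certificate on $HOST failed, skipped" >&2
    fi
    # Always remove the staged key material, including after a failure.
    ssh "$USER@$HOST" rm -f "$DST_TMP_CERT" "$DST_TMP_KEY" "$DST_TMP_CHAIN" "$DST_TMP_FULLCHAIN" "$DST_TMP_SERVER"
# … unchanged: else branch ("Host $HOST not alive, skipped") …
```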
@@ -97,9 +107,9 @@ function update_nas () {
 HOST="nas.giorgioravera.it"
 USER="admin"
 COMMAND="cat $DST_TMP_SERVER > /etc/stunnel/stunnel.pem &&
- openssl pkcs12 -export -in /etc/stunnel/stunnel.pem -out /etc/stunnel/stunnel.pk12 -name nas.giorgioravera.it -password pass: &&
- /etc/init.d/stunnel.sh restart"
- # /etc/init.d/plex.sh restart"
+ openssl pkcs12 -export -in /etc/stunnel/stunnel.pem -out /etc/stunnel/stunnel.pk12 -name nas.giorgioravera.it -password pass: &&
+ /etc/init.d/stunnel.sh restart"
+ #/etc/init.d/plex.sh restart"
 update_certificate
 echo ""
 }
@@ -144,7 +154,7 @@ function update_xenserver () {
 HOST="xenserver.giorgioravera.it"
 USER="root"
 COMMAND="cat $DST_TMP_SERVER > /etc/xensource/xapi-ssl.pem &&
- systemctl restart xapi.service"
+ systemctl restart xapi.service"
 update_certificate
 echo ""
 }
@@ -156,10 +166,10 @@ function update_pve () {
 echo " ------------------------------- "
 HOST="pve.giorgioravera.it"
 USER="root"
- COMMAND="cat $DST_TMP_CERT > /etc/pve/local/pveproxy-ssl.pem &&
- cat $DST_TMP_KEY > /etc/pve/local/pveproxy-ssl.key &&
- systemctl restart pveproxy.service &&
- systemctl restart nginx.service"
+ COMMAND="cat $DST_TMP_FULLCHAIN > /etc/pve/local/pveproxy-ssl.pem &&
+ cat $DST_TMP_KEY > /etc/pve/local/pveproxy-ssl.key &&
+ systemctl restart pveproxy.service &&
+ systemctl restart nginx.service"
 update_certificate
 echo ""
 }
-- 
2.47.3