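#!/bin/bash
# letsencrypt-for-pure-ftpd.sh: compares the SSL certificate/key used by pure-ftpd
# with the current certificate/key issued by letsencrypt and copies the latter
# to the former if they differ.
# This can be run as a cronjob (as root) to propagate letsencrypt certificate
# changes to pure-ftpd.
#
# Environment (all optional, defaults below):
#   PUREFTPD_CERT  combined key+chain PEM file pure-ftpd is configured to use
#   LE_DOMAIN      letsencrypt lineage name (directory under /etc/letsencrypt/live)
#
# Deliberately no `set -e`: the checks below report failures with a readable
# message instead of dying silently on the first failing command substitution.
set -u -o pipefail

PUREFTPD_CERT=${PUREFTPD_CERT:-/etc/ssl/private/pure-ftpd.pem}
LE_DOMAIN=${LE_DOMAIN:-domain.tld}
LE_DIR=/etc/letsencrypt/live/${LE_DOMAIN}
LE_CA=${LE_DIR}/chain.pem
LE_CERT=${LE_DIR}/cert.pem
LE_FULLCHAIN=${LE_DIR}/fullchain.pem
LE_KEY=${LE_DIR}/privkey.pem
# `command -v` is the portable replacement for `which`; empty string when absent.
OPENSSL=$(command -v openssl 2>/dev/null || true)

# Check if letsencrypt has been set up. Exit status 0 is kept on purpose so a
# cronjob on a host that has not been enrolled yet does not report a failure
# on every run; the message still goes to stderr so cron mails it.
if [[ ! -f "${LE_CA}" || ! -f "${LE_CERT}" || ! -f "${LE_FULLCHAIN}" || ! -f "${LE_KEY}" ]]; then
  echo "Letsencrypt files not found. You must setup letsencrypt and issue a certificate first." 1>&2
  exit 0
fi

# Check the openssl binary exists and is executable. The variable is quoted on
# purpose: an unquoted, empty ${OPENSSL} turned the old test into `[ ! -f ]`,
# which evaluates to false, so a missing openssl was never actually detected.
if [[ -z "${OPENSSL}" || ! -x "${OPENSSL}" ]]; then
  echo "Cannot find openssl. Exiting." 1>&2
  exit 1
fi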
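# setup_cert() installs the letsencrypt private key + full chain as the single
# PEM file pure-ftpd expects (key first, then the certificate chain).
#
# The file contains a private key, so it is assembled in a temporary file
# created 0600 next to the target and moved into place with an atomic rename.
# The previous `cat > file` created the file with the process umask (typically
# 0644) and only tightened the mode afterwards, so the key was briefly readable
# by anyone on the host, and a concurrent reader could see a half-written file.
# Returns non-zero and leaves the existing file untouched if anything fails.
# Note: the rename replaces the target inode, so a symlink at PUREFTPD_CERT
# would be replaced rather than written through.
setup_cert() {
  local target_dir tmp
  target_dir=$(dirname -- "${PUREFTPD_CERT}")
  # Same directory as the target so the final mv is a rename, not a copy.
  tmp=$(mktemp -- "${target_dir}/.pure-ftpd.pem.XXXXXX") || return 1
  # mktemp already creates the file 0600; the umask keeps the redirect that way.
  if ! ( umask 077; cat -- "${LE_KEY}" "${LE_FULLCHAIN}" > "${tmp}" ); then
    rm -f -- "${tmp}"
    return 1
  fi
  # root:ssl-cert is the Debian/Ubuntu convention for private key material; on
  # systems without that group the file stays root-owned, as it did before.
  chown -- root:ssl-cert "${tmp}" ||
    printf 'warning: could not chown %s to root:ssl-cert; leaving it root-owned\n' "${tmp}" 1>&2
  if ! chmod -- 640 "${tmp}"; then
    rm -f -- "${tmp}"
    return 1
  fi
  mv -f -- "${tmp}" "${PUREFTPD_CERT}"
}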
# Restart pure-ftpd only when the init script reports it as running, so a
# host where the service is stopped on purpose is not started as a side
# effect of rotating the certificate. Output of both commands is discarded.
restart_pureftpd_if_running() {
  if /etc/init.d/pure-ftpd-mysql status >/dev/null 2>&1; then
    service pure-ftpd-mysql restart >/dev/null
  fi
}
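# Install the certificate on first run; afterwards only when letsencrypt differs
# from what pure-ftpd has on disk or is actually serving.
if [[ ! -f "${PUREFTPD_CERT}" ]]; then
  setup_cert && restart_pureftpd_if_running
else
  # Compare public keys instead of `openssl rsa -modulus`: letsencrypt may issue
  # ECDSA keys, for which `openssl rsa` fails on both sides and the old check
  # compared two md5sums of an empty string, i.e. always reported "unchanged".
  le_pubkey=$("${OPENSSL}" pkey -pubout -in "${LE_KEY}" 2>/dev/null)
  pureftpd_pubkey=$("${OPENSSL}" pkey -pubout -in "${PUREFTPD_CERT}" 2>/dev/null)
  le_serial=$("${OPENSSL}" x509 -noout -serial -in "${LE_CERT}" 2>/dev/null)
  # The combined file holds the key first; x509 -in reads the first certificate
  # after it, which is the leaf written by setup_cert.
  pureftpd_file_serial=$("${OPENSSL}" x509 -noout -serial -in "${PUREFTPD_CERT}" 2>/dev/null)
  # Ask the running daemon which certificate it serves. A TLS probe on
  # localhost:21 can fail for reasons other than a stale certificate (daemon
  # stopped, bound to another address, TLS disabled), so an empty answer is
  # treated as "unknown" below instead of "differs"; the old code forced a
  # rewrite and restart on every cron run in those setups.
  pureftpd_running_serial=$("${OPENSSL}" s_client -connect localhost:21 -starttls ftp </dev/null 2>/dev/null |
    "${OPENSSL}" x509 -serial -noout 2>/dev/null)

  if [[ -z "${le_pubkey}" || -z "${le_serial}" ]]; then
    printf 'warning: could not parse %s or %s with openssl\n' "${LE_KEY}" "${LE_CERT}" 1>&2
  fi

  needs_update=0
  if [[ "${le_pubkey}" != "${pureftpd_pubkey}" || "${le_serial}" != "${pureftpd_file_serial}" ]]; then
    needs_update=1
  elif [[ -z "${pureftpd_running_serial}" ]]; then
    echo "warning: could not read the certificate served on localhost:21; skipping running-instance check" 1>&2
  elif [[ "${le_serial}" != "${pureftpd_running_serial}" ]]; then
    needs_update=1
  fi

  if (( needs_update )); then
    setup_cert && restart_pureftpd_if_running
  fi
fi
exit 0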