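#!/bin/bash
#
# Renew Let's Encrypt certificates with certbot, then copy every certificate
# that changed within the last 60 minutes to the services that use it:
# nginx, the WeeChat relay and the UniFi controller.
#
# Must be run as root. Files that contain a private key are always created
# owner-only; the script does not rely on the caller's umask for that.

UNIFI_DOMAIN="unifi.example.com"
WEECHAT_DOMAIN="weechat.example.com"
WEECHAT_USER="username"
DOMAIN_LIST="$UNIFI_DOMAIN $WEECHAT_DOMAIN www.example.com"

########################################################################
#
# Program header
#
########################################################################

# Absolute paths: the script runs as root, so binaries are never resolved
# through a PATH that something else may have modified.
CAT=/bin/cat
CERTBOT=/usr/bin/certbot
CHMOD=/usr/bin/chmod
CHOWN=/usr/bin/chown
FIND=/usr/bin/find
KEYTOOL=/bin/keytool
MKTEMP=/usr/bin/mktemp
OPENSSL=/usr/bin/openssl
RM=/bin/rm
SU=/usr/bin/su
SYSTEMCTL=/bin/systemctl
TOUCH=/usr/bin/touch
WHOAMI=/usr/bin/whoami

for command in CAT CERTBOT CHMOD CHOWN FIND KEYTOOL MKTEMP OPENSSL RM SU \
  SYSTEMCTL TOUCH WHOAMI; do
  # -x rather than -f: a file that exists but cannot be executed is as
  # useless as a missing one.
  if [[ ! -x "${!command}" ]]; then
    echo "Please install ${!command}"
    exit 1
  fi
done

if [[ "$("${WHOAMI}")" != "root" ]]; then
  echo "Script must be run as root!"
  exit 1
fi

# Overall exit status; set to 1 when any distribution step fails so that a
# cron wrapper or monitoring job can notice.
status=0

# Private scratch directory for the PKCS#12 export (created on demand) and
# its cleanup on every exit path.
p12_dir=""
cleanup() {
  if [[ -n "${p12_dir}" ]]; then
    "${RM}" -rf -- "${p12_dir}"
  fi
}
trap cleanup EXIT

#######################################
# Tell whether certbot replaced a domain's certificate in the last hour.
# Arguments: $1 - domain name (directory under /etc/letsencrypt/live)
# Returns:   0 if cert.pem was modified less than 60 minutes ago
#######################################
cert_recently_renewed() {
  local cert="/etc/letsencrypt/live/$1/cert.pem"
  # find prints the path only when it matches -mmin -60; a missing file
  # yields an error on stderr and empty output, i.e. "not renewed".
  [[ -n "$("${FIND}" "${cert}" -mmin -60)" ]]
}

#######################################
# Concatenate PEM files into a destination only its owner can read.
# Arguments: $1 - owner[:group] for chown
#            $2 - destination file
#            $3... - source PEM files, in output order
# Returns:   0 on success, non-zero if any step failed
#######################################
write_private_pem() {
  local owner=$1 dest=$2
  shift 2
  # Restrict the mode before any key material is written: create the file
  # empty under umask 077 and fix owner/mode, then fill it.
  (
    umask 077
    "${TOUCH}" -- "${dest}"
  ) || return
  "${CHOWN}" -- "${owner}" "${dest}" || return
  "${CHMOD}" 0600 -- "${dest}" || return
  "${CAT}" -- "$@" > "${dest}"
}

########################################################################
#
# Renew certificates using certbot
#
########################################################################

if ! "${CERTBOT}" renew; then
  # Keep going: certificates renewed by an earlier run within the last
  # hour may still need to be distributed.
  echo "certbot renew reported an error" >&2
  status=1
fi

########################################################################
#
# Update nginx certificates
#
########################################################################

reload_nginx=0
# DOMAIN_LIST is a space-separated list; word splitting is intended here.
# shellcheck disable=SC2086
for domain in ${DOMAIN_LIST}; do
  if cert_recently_renewed "${domain}"; then
    live="/etc/letsencrypt/live/${domain}"
    write_private_pem nginx:nginx "/etc/nginx/ssl/${domain}_ssl.pem" \
      "${live}/cert.pem" "${live}/privkey.pem" || status=1
    write_private_pem nginx:nginx "/etc/nginx/ssl/${domain}_fullchain.pem" \
      "${live}/fullchain.pem" || status=1
    reload_nginx=1
  fi
done

if (( reload_nginx != 0 )); then
  "${SYSTEMCTL}" reload nginx.service || status=1
fi

########################################################################
#
# Update weechat certificates
#
########################################################################

if cert_recently_renewed "${WEECHAT_DOMAIN}"; then
  live="/etc/letsencrypt/live/${WEECHAT_DOMAIN}"
  weechat_home="/home/${WEECHAT_USER}/.weechat"
  ssl_pem="${weechat_home}/ssl/${WEECHAT_DOMAIN}_ssl.pem"
  fullchain_pem="${weechat_home}/ssl/${WEECHAT_DOMAIN}_fullchain.pem"

  # root only reads the key; the write happens as WEECHAT_USER. Writing as
  # root into a directory that user controls would follow a symlink placed
  # there and would leave the key in a root-owned file whose mode depends
  # on root's umask.
  "${CAT}" -- "${live}/cert.pem" "${live}/privkey.pem" \
    | "${SU}" -s /bin/sh \
      -c "umask 077 && cat > '${ssl_pem}' && chmod 0600 '${ssl_pem}'" \
      "${WEECHAT_USER}" || status=1
  "${CAT}" -- "${live}/fullchain.pem" \
    | "${SU}" -s /bin/sh \
      -c "umask 077 && cat > '${fullchain_pem}'" \
      "${WEECHAT_USER}" || status=1

  # Ask the running WeeChat to reload its relay certificate. The path is
  # expanded here: WEECHAT_USER is not exported, so inside a single-quoted
  # command the su shell would see it empty and address /home//.weechat.
  # The -p test keeps a literal "weechat_fifo_*" file from being created
  # when WeeChat is not running.
  notify_cmd="for fifo in '${weechat_home}'/weechat_fifo_*; do"
  notify_cmd+=" if [ -p \"\$fifo\" ]; then"
  notify_cmd+=" echo '*/relay sslcertkey' > \"\$fifo\"; fi; done"
  "${SU}" -s /bin/sh -c "${notify_cmd}" "${WEECHAT_USER}" || status=1
fi

########################################################################
#
# Update unifi certificates
#
########################################################################

if cert_recently_renewed "${UNIFI_DOMAIN}"; then
  live="/etc/letsencrypt/live/${UNIFI_DOMAIN}"

  # The PKCS#12 bundle holds the private key under a fixed, published
  # password, so its confidentiality comes from the directory alone:
  # mktemp -d gives an unpredictable name with mode 0700, unlike a fixed
  # /tmp/<domain>.p12 that other local users could read or pre-create.
  if p12_dir=$("${MKTEMP}" -d); then
    p12_file="${p12_dir}/${UNIFI_DOMAIN}.p12"

    # Export before stopping the controller, so a failed export costs no
    # downtime and never leaves the service stopped.
    if "${OPENSSL}" \
      pkcs12 \
      -export \
      -inkey "${live}/privkey.pem" \
      -in "${live}/fullchain.pem" \
      -out "${p12_file}" \
      -name ubnt \
      -password pass:temppass; then
      "${SYSTEMCTL}" stop unifi.service
      "${KEYTOOL}" \
        -importkeystore \
        -deststorepass aircontrolenterprise \
        -destkeypass aircontrolenterprise \
        -destkeystore /opt/UniFi/data/keystore \
        -srckeystore "${p12_file}" \
        -srcstoretype PKCS12 \
        -srcstorepass temppass \
        -alias ubnt \
        -noprompt || status=1
      # Always bring the controller back, even if the import failed.
      "${SYSTEMCTL}" start unifi.service || status=1
    else
      echo "PKCS#12 export for ${UNIFI_DOMAIN} failed" >&2
      status=1
    fi

    "${RM}" -rf -- "${p12_dir}"
    p12_dir=""
  else
    echo "Could not create a temporary directory" >&2
    p12_dir=""
    status=1
  fi
fi

exit "${status}"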