2023-06-20 21:45:14 -04:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
|
|
# certbot deploy hook to copy certificates to mail4one when renewed.
|
2023-06-28 16:54:50 -04:00
|
|
|
# Initial setup, Install certbot(https://certbot.eff.org/) and run `certbot certonly` as root
|
2023-12-20 17:21:57 -05:00
|
|
|
# Doc: https://eff-certbot.readthedocs.io/en/latest/using.html#renewing-certificates
|
2023-06-28 16:54:50 -04:00
|
|
|
#
|
2023-06-20 21:45:14 -04:00
|
|
|
# This file is supposed to be copied to /etc/letsencrypt/renewal-hooks/deploy/
|
|
|
|
|
# Change the mail domain to the one on MX record
|
|
|
|
|
|
2024-04-01 18:09:36 -04:00
|
|
|
set -eu
|
|
|
|
|
|
2023-06-20 21:45:14 -04:00
|
|
|
if [ "$RENEWED_DOMAINS" = "mail.mydomain.com" ]
|
|
|
|
|
then
|
2024-04-01 18:09:36 -04:00
|
|
|
app=mail4one
|
|
|
|
|
appuser=$app
|
|
|
|
|
certpath="/var/lib/$app/certs"
|
|
|
|
|
|
|
|
|
|
mkdir -p "$certpath"
|
|
|
|
|
chmod 750 "$certpath"
|
|
|
|
|
|
|
|
|
|
chown $appuser:$appuser "$certpath"
|
|
|
|
|
install -o "$appuser" -g "$appuser" -m 444 "$RENEWED_LINEAGE/fullchain.pem" -t "$certpath"
|
|
|
|
|
install -o "$appuser" -g "$appuser" -m 400 "$RENEWED_LINEAGE/privkey.pem" -t "$certpath"
|
|
|
|
|
|
|
|
|
|
systemctl restart $app.service
|
|
|
|
|
echo "$(date) Renewed and deployed certificates for $app" >> /var/log/cert-renew.log
|
2023-06-20 21:45:14 -04:00
|
|
|
fi
|
