diff --git a/bin/dumpcerts b/bin/dumpcerts
old mode 100755
new mode 100644
index 1c8e946..167bf24
--- a/bin/dumpcerts
+++ b/bin/dumpcerts
@@ -13,60 +13,68 @@ fail() {
 . /etc/federated
-echo -ne "\n* Dumping certs from traefik into /federated/certs.new.."
-traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs.new &> /dev/null
-[ $? -ne 0 ] && fail "Couldn't dump certs from traefik-certs-dumper into certs.new"
-echo -ne "done."
+if [[ "${PLUS}" != "true" ]]; then
+ echo -ne "\n* Dumping certs from traefik into /federated/certs.new.."
+ traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs.new &> /dev/null
+ [ $? -ne 0 ] && fail "Couldn't dump certs from traefik-certs-dumper into certs.new"
+ echo -ne "done."
-diff /federated/certs.new/certs/$DOMAIN.crt /federated/certs/certs/$DOMAIN.crt &> /dev/null
-if [ $? -eq 0 ]; then
- echo -ne "\n* The certificates are the same (we are not restarting services)."
-else
- echo -ne "\n* The certificates are NOT the same (we will restart services)."
- MATCH="no"
-fi
+ diff /federated/certs.new/certs/$DOMAIN.crt /federated/certs/certs/$DOMAIN.crt &> /dev/null
+ if [ $? -eq 0 ]; then
+ echo -ne "\n* The certificates are the same (we are not restarting services)."
+ else
+ echo -ne "\n* The certificates are NOT the same (we will restart services)."
+ MATCH="no"
+ fi
-echo -ne "\n* Moving certs from /federated/certs.new into /federated/certs.."
-cp /federated/certs.new/certs/$DOMAIN.crt /federated/certs/certs/$DOMAIN.crt
-[ $? -ne 0 ] && fail "Couldn't move /federated/certs.new to /federated/certs"
-cp /federated/certs.new/private/$DOMAIN.key /federated/certs/private/$DOMAIN.key
-[ $? -ne 0 ] && fail "Couldn't move /federated/certs.new to /federated/certs"
-rm -rf /federated/certs.new
-echo -ne "done."
+ echo -ne "\n* Moving certs from /federated/certs.new into /federated/certs.."
+ cp /federated/certs.new/certs/$DOMAIN.crt /federated/certs/certs/$DOMAIN.crt
+ [ $? -ne 0 ] && fail "Couldn't move /federated/certs.new to /federated/certs"
+ cp /federated/certs.new/private/$DOMAIN.key /federated/certs/private/$DOMAIN.key
+ [ $? -ne 0 ] && fail "Couldn't move /federated/certs.new to /federated/certs"
+ rm -rf /federated/certs.new
+ echo -ne "done."
-echo -ne "\n* Installing certs into /federated/apps that use it.."
-# Install into PostgreSQL container
-cp /federated/certs/certs/$DOMAIN.crt /federated/apps/postgresql/data/var/lib/postgresql/server.crt
-cp /federated/certs/private/$DOMAIN.key /federated/apps/postgresql/data/var/lib/postgresql/server.key
-chown 999 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
-chmod 600 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
+ echo -ne "\n* Installing certs into /federated/apps that use it.."
+ # Install into PostgreSQL container
+ cp /federated/certs/certs/$DOMAIN.crt /federated/apps/postgresql/data/var/lib/postgresql/server.crt
+ cp /federated/certs/private/$DOMAIN.key /federated/apps/postgresql/data/var/lib/postgresql/server.key
+ chown 999 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
+ chmod 600 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
-# Install into LDAP container
-cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/ldap/data/certs/
+ # Install into LDAP container
+ cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/ldap/data/certs/
-# Install into Mail container
-cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/mail/data/root/certs/
+ # Install into Mail container
+ cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/mail/data/root/certs/
-# Install into Collabora container
-#cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/
-#chown 104 /federated/apps/collabora/data/root/certs/*
+ # Install into Collabora container
+ #cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/
+ #chown 104 /federated/apps/collabora/data/root/certs/*
-# Install into Matrix container
-cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/matrix/data/matrix/
-chmod 644 /federated/apps/matrix/data/matrix/$DOMAIN.crt /federated/apps/matrix/data/matrix/$DOMAIN.key
-echo -ne "done.\n"
-
-if [ "$MATCH" = "no" ]; then
- echo "\n* Restarting services that use the certificate.."
- /federated/bin/stop postgresql
- /federated/bin/stop ldap
- /federated/bin/stop mail
- /federated/bin/stop matrix
- /federated/bin/start postgresql
- /federated/bin/start ldap
- /federated/bin/start mail
- /federated/bin/start matrix
+ # Install into Matrix container
+ cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/matrix/data/matrix/
+ chmod 644 /federated/apps/matrix/data/matrix/$DOMAIN.crt /federated/apps/matrix/data/matrix/$DOMAIN.key
 echo -ne "done.\n"
-fi
-echo -ne "\n\n"
+ if [ "$MATCH" = "no" ]; then
+ echo "\n* Restarting services that use the certificate.."
+ /federated/bin/stop postgresql
+ /federated/bin/stop ldap
+ /federated/bin/stop mail
+ /federated/bin/stop matrix
+ /federated/bin/start postgresql
+ /federated/bin/start ldap
+ /federated/bin/start mail
+ /federated/bin/start matrix
+ echo -ne "done.\n"
+ fi
+
+ echo -ne "\n\n"
+else
+ echo -ne "\n* Dumping certs from traefik into /federated/certs.."
+ traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/httpacme.json --dest /federated/certs &> /dev/null
+ [ $? -ne 0 ] && fail "Couldn't dump certs from traefik-certs-dumper into certs"
+ echo -ne "done."
+ echo -ne "\n\n"
+fi
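Review bot: In the new `else` branch (PLUS is `true`) traefik-certs-dumper writes straight into the live `/federated/certs`, whereas the first branch stages into `/federated/certs.new` and copies only after the dump succeeded. A failed or partial dump here can therefore leave the live certificate and key directory empty or inconsistent, depending on how the dumper treats its destination. I would stage into `/federated/certs.new` in this branch too and copy on success, and change `&> /dev/null` to `> /dev/null` so the dumper's error text is visible before `fail` runs. The header also changes the file mode from 100755 to 100644, which breaks any caller that executes `bin/dumpcerts` directly; restore the executable bit if that was not intended. The re-indented `chmod 644` on the Matrix copy of `$DOMAIN.key` still leaves the private key world-readable, so if the container's user can own the file, a `chown` plus `chmod 600` as in the PostgreSQL block would be tighter.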