kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Fix the Let's Encrypt renew hook script

Browse Source 
Only copy over the certs to the prosody directory if it's the 5apps.com
wildcard, not for any 5apps.com subdomain
This commit is contained in:
Greg Karékinian 2018-12-20 17:26:37 +01:00
parent 74a1f1b8a1
commit 56d14748f9
1 changed files with 17 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
site-cookbooks/kosmos-base/recipes/letsencrypt.rb
View File

@ -24,8 +24,10 @@ systemctl reload nginx
# Copy the prosody certificates and restart the server if it has been renewed # Copy the prosody certificates and restart the server if it has been renewed
# This is necessary because the prosody user doesn't have access to the # This is necessary because the prosody user doesn't have access to the
# letsencrypt live folder # letsencrypt live folder
echo "${RENEWED_DOMAINS}" | grep 5apps.com for domain in $RENEWED_DOMAINS; do
if [ $? -ne 1 ]; then case $domain in
# Do not copy over when renewing other 5apps.com domains
5apps.com)
cp "${RENEWED_LINEAGE}/fullchain.pem" /etc/prosody/certs/5apps.com.crt cp "${RENEWED_LINEAGE}/fullchain.pem" /etc/prosody/certs/5apps.com.crt
cp "${RENEWED_LINEAGE}/privkey.pem" /etc/prosody/certs/5apps.com.key cp "${RENEWED_LINEAGE}/privkey.pem" /etc/prosody/certs/5apps.com.key
cp "${RENEWED_LINEAGE}/fullchain.pem" /etc/prosody/certs/muc.5apps.com.crt cp "${RENEWED_LINEAGE}/fullchain.pem" /etc/prosody/certs/muc.5apps.com.crt
@ -36,9 +38,9 @@ if [ $? -ne 1 ]; then
chmod 600 /etc/prosody/certs/*.key chmod 600 /etc/prosody/certs/*.key
chmod 640 /etc/prosody/certs/*.crt chmod 640 /etc/prosody/certs/*.crt
systemctl restart prosody systemctl restart prosody
else ;;
exit 0 esac
fi done
EOF EOF
file "/usr/local/bin/letsencrypt_renew_hook" do file "/usr/local/bin/letsencrypt_renew_hook" do