Fix the Let's Encrypt renew hook script

Only copy over the certs to the prosody directory if it's the 5apps.com wildcard, not for any 5apps.com subdomain
2018-12-20 17:26:37 +01:00 · 2018-12-20 17:26:37 +01:00 · 56d14748f9
commit 56d14748f9
parent 74a1f1b8a1
1 changed files with 17 additions and 15 deletions
--- a/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
@ -24,8 +24,10 @@ systemctl reload nginx
 # Copy the prosody certificates and restart the server if it has been renewed
 # This is necessary because the prosody user doesn't have access to the
 # letsencrypt live folder
-echo "${RENEWED_DOMAINS}" | grep 5apps.com
-if [ $? -ne 1 ]; then
+for domain in $RENEWED_DOMAINS; do
+  case $domain in
+  # Do not copy over when renewing other 5apps.com domains
+  5apps.com)
    cp "${RENEWED_LINEAGE}/fullchain.pem" /etc/prosody/certs/5apps.com.crt
    cp "${RENEWED_LINEAGE}/privkey.pem" /etc/prosody/certs/5apps.com.key
    cp "${RENEWED_LINEAGE}/fullchain.pem" /etc/prosody/certs/muc.5apps.com.crt
@ -36,9 +38,9 @@ if [ $? -ne 1 ]; then
    chmod 600 /etc/prosody/certs/*.key
    chmod 640 /etc/prosody/certs/*.crt
    systemctl restart prosody
-else
-  exit 0
-fi
+    ;;
+  esac
+done
 EOF

 file "/usr/local/bin/letsencrypt_renew_hook" do