Kapisi/roles/SSL/files/manual-ssl-renew

25 lines
894 B
Plaintext
Raw Normal View History

2021-01-01 12:45:34 -06:00
#!/bin/bash
if [ `whoami` != 'root' ]; then
sudo $0 $@
exit
fi
domain="$1"
certbot certonly -d ${domain} -d "*.${domain}" --manual --force-interactive --reuse-key
cat /etc/letsencrypt/live/${domain}/cert.pem /etc/letsencrypt/live/${domain}/privkey.pem > /etc/letsencrypt/live/${domain}/certkey.pem
# PKCS12 for Emby
echo | openssl pkcs12 -password stdin -export -out /etc/letsencrypt/live/${domain}/ssl.pfx -inkey /etc/letsencrypt/live/${domain}/privkey.pem -in /etc/letsencrypt/live/${domain}/cert.pem -certfile /etc/letsencrypt/live/${domain}/fullchain.pem
cat /etc/letsencrypt/live/${domain}/ssl.pfx > /var/lib/emby/ssl/yggdrasil.pfx
systemctl restart webserver
systemctl restart yggdrasil
echo
echo "Don't forget to send \`/raw reloadmodule m_ssl_openssl.so\` to a NetAdmin session on AniNIX/IRC"
echo Add these to the TLSA records for the domain
bash ./tlsa-generation.bash