certbot-deploy-hook
#!/usr/bin/env bash
# certbot-deploy-hook: installs a freshly issued certificate for nginx.
#
# Copies privkey.pem and fullchain.pem from
# /etc/letsencrypt/live/$SETTING_EXTERNAL_HOST into $DATA_DIR/certs,
# symlinks them under /etc/ssl, and restarts nginx through supervisorctl.
#
# Required environment: SETTING_EXTERNAL_HOST, DATA_DIR.
# With -u an unset variable aborts the script; with -e so does any failing
# command that is not explicitly guarded.
set -euo pipefail
#######################################
# Set an existing file aside before it is overwritten.
# Arguments: $1 - path to preserve
# Returns:   0 always; a failed move is deliberately ignored
#######################################
backup() {
  # Nothing to preserve when the path does not exist.
  [ -e "$1" ] || return 0

  # When automatic certbot management is enabled on a system that already
  # holds Zulip certs, keep the previous files available. The
  # ".setup-certbot" suffix matches the backups made by Zulip's own
  # setup-certbot.
  #
  # --backup=numbered keeps earlier backups as well, so superseded private
  # keys stay on disk next to the live one until someone removes them.
  local target="$1".setup-certbot
  mv -f --backup=numbered "$1" "$target" || true
}
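source_cert_dir=/etc/letsencrypt/live/"$SETTING_EXTERNAL_HOST"
dest_cert_dir="$DATA_DIR"/certs

# Refuse to touch the installed certs unless both renewed files are present.
# Without this check a failed copy would abort the script (set -e) after the
# current key and chain had already been moved aside by backup, leaving the
# nginx symlinks pointing at files that no longer exist.
for renewed in privkey.pem fullchain.pem; do
  if [ ! -r "$source_cert_dir/$renewed" ]; then
    printf 'certbot-deploy-hook: missing %s\n' "$source_cert_dir/$renewed" >&2
    exit 1
  fi
done

# Persist the certs to the data directory.
backup "$dest_cert_dir"/zulip.key
backup "$dest_cert_dir"/zulip.combined-chain.crt
# NOTE(review): the mode of the new zulip.key follows privkey.pem's mode and
# the umask in effect; confirm the data directory does not expose the key to
# unprivileged users.
cp -f -- "$source_cert_dir"/privkey.pem "$dest_cert_dir"/zulip.key
cp -f -- "$source_cert_dir"/fullchain.pem "$dest_cert_dir"/zulip.combined-chain.crt

# Ensure nginx can find them.
ln -nsf -- "$dest_cert_dir"/zulip.key /etc/ssl/private/zulip.key
ln -nsf -- "$dest_cert_dir"/zulip.combined-chain.crt /etc/ssl/certs/zulip.combined-chain.crt

# Restart various services so the new certs can be used.
supervisorctl restart nginx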