From b3f94b360b0da6a16a372bd37ad4cd8b9c59d38a Mon Sep 17 00:00:00 2001
From: Beni Cherniavsky-Paskin
Date: Fri, 29 Sep 2017 10:28:07 +0300
Subject: [PATCH] Add script to set heroku certs Switching to heroku due to openshift 2 shutdown #173
---
.../tls-certs-letsencrypt/heroku-set-certs.sh | 32 +++++++++++++++++++
.../tls-certs-letsencrypt/rhc-set-certs.sh | 2 +-
2 files changed, 33 insertions(+), 1 deletion(-)
create mode 100755 deployment/tls-certs-letsencrypt/heroku-set-certs.sh
diff --git a/deployment/tls-certs-letsencrypt/heroku-set-certs.sh b/deployment/tls-certs-letsencrypt/heroku-set-certs.sh
new file mode 100755
index 0000000..42874be
--- /dev/null
+++ b/deployment/tls-certs-letsencrypt/heroku-set-certs.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Deploy certs files per https://devcenter.heroku.com/articles/ssl
+# Requires `heroku` CLI, and being logged in.
+
+# (Alternative: paid dynos (including Hobby) can simply enable https://devcenter.heroku.com/articles/automated-certificate-management)
+
+set -e -u -o pipefail
+set -x
+
+cd "$(dirname "$0")"
+
+# TODO: command-line parameters like rhc-set-certs.sh ?
+
+# One cert for all 4 domains.
+main_domain='mathdown.net'
+alt_domains=('www.mathdown.net' 'www.mathdown.com' 'mathdown.com')
+domains=("$main_domain" "${alt_domains[@]}")
+
+app=mathdown
+cert=certs/mathdown.net/cert.pem
+privkey=certs/mathdown.net/privkey.pem
+if heroku certs:info --app "$app"; then
+ heroku certs:update --app "$app" "$cert" "$privkey"
+else
+ heroku certs:add --app "$app" "$cert" "$privkey"
+fi
+
+curl --head "https://$main_domain/"
+
+echo 'To analyze certs & security:'
+printf ' https://www.ssllabs.com/ssltest/analyze.html?d=%s&latest\n' "${domains[@]}"
diff --git a/deployment/tls-certs-letsencrypt/rhc-set-certs.sh b/deployment/tls-certs-letsencrypt/rhc-set-certs.sh
index dc3b8f3..60afbe0 100755
--- a/deployment/tls-certs-letsencrypt/rhc-set-certs.sh
+++ b/deployment/tls-certs-letsencrypt/rhc-set-certs.sh
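Review bot: In the new heroku-set-certs.sh, `cert=certs/mathdown.net/cert.pem` uploads the leaf certificate only, while the context line visible in rhc-set-certs.sh passes `"certs/$main_domain"/fullchain.pem`. Unless the Heroku CLI completes the chain on upload (worth confirming), clients that do not fetch intermediates themselves may fail validation, so `cert="certs/$main_domain/fullchain.pem"` would keep the two scripts consistent. The closing `curl --head "https://$main_domain/"` checks only one of the four names and passes on any HTTP status; a loop such as `for d in "${domains[@]}"; do curl --fail --head "https://$d/"; done` would let `set -e` stop the script when any name fails TLS verification or returns an error. Separately, a failing `heroku certs:info` (not logged in, network error) is treated the same as "no certificate yet" and falls through to `certs:add`, which deserves a comment next to the `if`.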
@@ -30,7 +30,7 @@ else keyopts=(--certificate="certs/$main_domain"/fullchain.pem --private-key="$3" --passphrase="$4") fi -# In fish $X does the right thing, in bash I need "${X[@]}" and it only comes close. +# In fish $ARRAY does the right thing, in bash I need "${ARRAY[@]}" and it only comes close. echo '== before: ==' rhc alias list "${appopts[@]}"