vesta-server-ssl-cert.sh
#!/bin/bash
# info: check SSL certificates
# options: NONE
#
# The script checks for new LetsEncrypt certificates in /home/admin/conf/web/ssl.[SERVER-FQDN].*
# and it installs the new certificates for all services before restarting them.
# --- Settings --------------------------------------------------------------
# Resolve the server's FQDN once; it appears in the mail subject and in the
# LetsEncrypt file names below.
server_fqdn="$(hostname -f)"

# Notification email parameters
mailto='CHANGE THIS TO YOUR EMAIL ADDRESS'
mailsub="Server SSL Renewal: ${server_fqdn}"

# NOTE(review): this is a relative path, so the log is created in whatever
# directory the script is started from (for a cron job, cron's working
# directory). The script writes it with '>' while handling private keys;
# an absolute path in a root-only directory would be safer - confirm first.
LOGFILE='vesta-server-ssl-cert.log'

# Directories holding the certificates: LetsEncrypt output, Vesta, MySQL
path2le='/home/admin/conf/web'
path2ve='/usr/local/vesta/ssl'
path2sq='/etc/mysql'

# Certificate, private key and PEM bundle issued by LetsEncrypt for this host
le_prefix="${path2le}/ssl.${server_fqdn}"
LEcrt="${le_prefix}.crt"
LEkey="${le_prefix}.key"
LEpem="${le_prefix}.pem"

# The copies Vesta currently serves
ve_prefix="${path2ve}/certificate"
VEcrt="${ve_prefix}.crt"
VEkey="${ve_prefix}.key"
VEpem="${ve_prefix}.pem"
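# Compare the certificate Vesta currently serves with the one LetsEncrypt
# generated and, when they differ, install the new files for Vesta/mail and
# MySQL, restart the dependent services and mail the log.
#
# Reads (set earlier in the script): LEcrt LEkey LEpem VEcrt VEkey VEpem
#   path2sq LOGFILE mailsub mailto
# Sets: cert_host, cert_result (unchanged | ok | attention), cert_msg
cert_host=$(hostname -f)
cert_result=unchanged

if [[ ! -r "$LEcrt" || ! -r "$LEkey" || ! -r "$LEpem" ]]; then
  # cmp exits non-zero for a missing file as well as for a differing one, so
  # without this guard a missing source would be handled as a renewal:
  # failed copies, a service restart and a "renewed successfully" mail.
  cert_result=attention
  echo "LETSENCRYPT CERTIFICATE FILES MISSING OR UNREADABLE - NOTHING CHANGED" > "$LOGFILE" 2>&1
elif ! cmp --silent -- "$LEcrt" "$VEcrt"; then
  cert_result=ok
  echo CERTIFICATES DIFFERENT - UPDATING > "$LOGFILE" 2>&1
  {
    # install sets owner, group and mode as part of the copy, so the private
    # key is not left with the source file's mode until a later chown/chmod.
    # --backup keeps the previous Vesta files, as 'cp --backup' did.
    if install --backup -o root -g mail -m 640 -- "$LEcrt" "$VEcrt" &&
      install --backup -o root -g mail -m 640 -- "$LEkey" "$VEkey" &&
      install --backup -o root -g mail -m 640 -- "$LEpem" "$VEpem" &&
      install -o root -g mysql -m 640 -t "$path2sq" -- "$VEcrt" "$VEkey" "$VEpem"; then
      # Restart services that depend on these certificates
      case "$(head -n1 /etc/issue | cut -f 1 -d ' ')" in
        Debian)
          # NOTE(review): only the exact release 9.8 is recognised; any other
          # point release ends up in the "restart manually" branch.
          case "$(lsb_release -s -r)" in
            9.8)
              systemctl restart vesta exim4 dovecot vsftpd mysql || cert_result=attention
              ;;
            *)
              echo UNKNOWN DEBIAN RELEASE. Restart services manualy.
              cert_result=attention
              ;;
          esac
          ;;
        Ubuntu)
          case "$(lsb_release -s -r)" in
            18.04 | 16.04)
              systemctl restart vesta exim4 dovecot vsftpd mysql || cert_result=attention
              ;;
            14.04)
              /usr/sbin/service vesta restart || cert_result=attention
              /usr/sbin/service exim4 restart || cert_result=attention
              /usr/sbin/service mysql restart || cert_result=attention
              /usr/bin/doveadm reload || cert_result=attention
              /sbin/initctl restart vsftpd || cert_result=attention
              ;;
            *)
              echo UNKNOWN UBUNTU RELEASE. Restart services manualy.
              cert_result=attention
              ;;
          esac
          ;;
        *)
          echo UNKNOWN OS. Restart services manualy.
          cert_result=attention
          ;;
      esac
    else
      # A partial copy can leave a certificate and key that do not match;
      # restarting now would make the services load that pair.
      cert_result=attention
      echo CERTIFICATE COPY FAILED. Services NOT restarted.
    fi
  } >> "$LOGFILE" 2>&1
fi

# Notify - only claim success when every step above succeeded
if [[ "$cert_result" != unchanged ]] && command -v mail > /dev/null 2>&1; then
  if [[ "$cert_result" == ok ]]; then
    cert_msg="The server certificate at ${cert_host} has been renewed successfully :) "
  else
    cert_msg="The server certificate renewal at ${cert_host} needs attention, see the log below."
  fi
  # printf '%s' keeps backslashes in the log literal; 'echo -e' would have
  # interpreted them as escape sequences.
  printf '%s\n %s\n' "$cert_msg" "$(< "$LOGFILE")" | mail -s "$mailsub" "$mailto"
fi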