Personal script to reload services where needed after LE is done

updating
2021-06-13 18:33:58 +02:00 · 2021-06-13 18:33:58 +02:00 · b42bae132d
commit b42bae132d
parent 0352f7e201
1 changed files with 40 additions and 0 deletions
--- a/sysadmin/le_lan_reload_services.sh
+++ b/sysadmin/le_lan_reload_services.sh
@ -0,0 +1,40 @@
+#!/bin/bash
+
+LE_DOMAIN="DOMAIN"
+LDAP_SHORTNAME="HOSTNAME"
+UPDATE_MIKROTIK=0
+MIKROTIK_HOST="mikrotik"
+
+# Reload services
+
+systemctl reload nginx
+systemctl restart sssd
+
+# Re-import the certificate in the LDAP store
+
+dsconf -v -D "cn=Directory Manager" "${LDAP_SHORTNAME}" security certificate add \
+    --file /etc/letsencrypt/live/"${LE_DOMAIN}"/cert.pem \
+        --primary-cert \
+        --name "LE"
+
+systemctl restart dirsrv@${LDAP_SHORTNAME}
+
+# Push the certificates to a Mikrotik AP
+#NOTE: This assumes you have set up SSH for a user with public key auth
+
+if [[ $UPDATE_MIKROTIK ]];
+then
+
+scp "/etc/letsencrypt/${LE_DOMAIN}/privkey.pem" "${MIKROTIK_HOST}":
+scp "/etc/letsencrypt/${LE_DOMAIN}/fullchain.pem" "${MIKROTIK_HOST}":
+
+ssh mikrotik -T <<EOF
+/certificate import file-name=fullchain.pem passphrase=""
+/certificate import file-name=privkey.pem passphrase=""
+/file remove fullchain.pem
+/file remove privkey.pem
+/ip service set www-ssl certificate=fullchain.pem_0
+/ip service set api-ssl certificate=fullchain.pem_0
+EOF
+
+fi