Personal script to reload services where needed after LE is done
updating
		
					parent
					
						
							
								0352f7e201
							
						
					
				
			
			
				commit
				
					
						b42bae132d
					
				
			
		
					 1 changed files with 40 additions and 0 deletions
				
			
		
							
								
								
									
										40
									
								
								sysadmin/le_lan_reload_services.sh
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
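--- a/sysadmin/le_lan_reload_services.sh
+++ b/sysadmin/le_lan_reload_services.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+LE_DOMAIN="DOMAIN"
+LDAP_SHORTNAME="HOSTNAME"
+UPDATE_MIKROTIK=0
+MIKROTIK_HOST="mikrotik"
+
+# Reload services
+
+systemctl reload nginx
+systemctl restart sssd
+
+# Re-import the certificate in the LDAP store
+
+dsconf -v -D "cn=Directory Manager" "${LDAP_SHORTNAME}" security certificate add \
+    --file /etc/letsencrypt/live/"${LE_DOMAIN}"/cert.pem \
+        --primary-cert \
+        --name "LE"
+
+systemctl restart dirsrv@${LDAP_SHORTNAME}
+
+# Push the certificates to a Mikrotik AP
+#NOTE: This assumes you have set up SSH for a user with public key auth
+
+if [[ $UPDATE_MIKROTIK ]];
+then
+
+scp "/etc/letsencrypt/${LE_DOMAIN}/privkey.pem" "${MIKROTIK_HOST}":
+scp "/etc/letsencrypt/${LE_DOMAIN}/fullchain.pem" "${MIKROTIK_HOST}":
+
+ssh mikrotik -T <<EOF
+/certificate import file-name=fullchain.pem passphrase=""
+/certificate import file-name=privkey.pem passphrase=""
+/file remove fullchain.pem
+/file remove privkey.pem
+/ip service set www-ssl certificate=fullchain.pem_0
+/ip service set api-ssl certificate=fullchain.pem_0
+EOF
+
+fi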
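Review bot: The guard `if [[ $UPDATE_MIKROTIK ]];` only tests for a non-empty string, so with the default `UPDATE_MIKROTIK=0` the block still runs and the private key is copied to the router; compare the value instead, e.g. `if [[ "${UPDATE_MIKROTIK}" -eq 1 ]];`. Both `scp` sources omit the `live/` component that the `dsconf --file` path uses, so they probably point at nothing; `"/etc/letsencrypt/live/${LE_DOMAIN}/privkey.pem"` would match the earlier path. The import session is opened with the hard-coded `ssh mikrotik` rather than `ssh "${MIKROTIK_HOST}"`, so changing the variable redirects the key copy but not the import. With no `set -e` or status checks, a failed `scp` or `dsconf` still falls through to the restarts and to the `/certificate import` and `/ip service set` commands, which then act on whatever files and certificates already sit on the device.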