From f26dff86641f122594d2ff7086ea494a515d4440 Mon Sep 17 00:00:00 2001
From: Tyler Hale
Date: Mon, 6 Feb 2023 09:43:50 -0700
Subject: [PATCH] Updating certbot-renewal script

---
 .../templates/certbot-renewal-cluster.j2 | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/roles/haproxy/templates/certbot-renewal-cluster.j2 b/roles/haproxy/templates/certbot-renewal-cluster.j2
index 8072660..edd5f63 100644
--- a/roles/haproxy/templates/certbot-renewal-cluster.j2
+++ b/roles/haproxy/templates/certbot-renewal-cluster.j2
@@ -17,7 +17,7 @@ TARFILE_COMPRESS=$TARFILE'.gz'
 if [[ $(hostname -I)[*] =~ $VIRTUAL_IP ]]; then
 echo "Current master - Processing renewals"
- certbot renew
+ /usr/local/bin/certbot renew
 # tar the letsencrypt directory for transferring to other members with symlinks
 tar cfP $TARFILE /etc/letsencrypt/
@@ -36,10 +36,22 @@ if [[ $(hostname -I)[*] =~ $VIRTUAL_IP ]]; then
 do
 if [[ ! $(hostname -I)[*] =~ $SERVER ]]; then
 # Transfer the files to the backup server
- sudo -u $USER scp -i $PRIVATE_KEY $TARFILE_COMPRESS $USER@$SERVER:~
+ sudo -u $USER scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i $PRIVATE_KEY $TARFILE_COMPRESS $USER@$SERVER:~
 # Deploy the current letsencrypt config/certs
- sudo -u $USER ssh -i $PRIVATE_KEY $USER@$SERVER "sudo rm -rf /etc/letsencrypt; sudo tar xzfP $TARFILE_COMPRESS && sudo rm $TARFILE_COMPRESS;sudo systemctl reload haproxy"
+ sudo -u $USER ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i $PRIVATE_KEY $USER@$SERVER "sudo rm -rf /etc/letsencrypt; sudo tar xzfP $TARFILE_COMPRESS && sudo rm $TARFILE_COMPRESS;sudo systemctl reload haproxy"
 fi
 done
+
+ rm $TARFILE_COMPRESS
+fi
+
+if [ -d "/etc/letsencrypt/live/" ]; then
+ for Cert in /etc/letsencrypt/live/*/ ;
+ do
+ echo Processing $Cert
+ cd $Cert
+ cat fullchain.pem privkey.pem | dd status=none of="/etc/haproxy/ssl/$(basename $Cert).pem"
+ done
+ systemctl reload haproxy
 fi
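Review bot: The repathed call on the `+` line still ignores certbot's exit status, so if `/usr/local/bin/certbot renew` fails (or the binary is not at that path on a given node) the script carries on to tar, distribute and reload the unchanged certificate tree as if renewal had succeeded; `/usr/local/bin/certbot renew || { echo "certbot renew failed" >&2; exit 1; }` stops that. The surrounding `if [[ $(hostname -I)[*] =~ $VIRTUAL_IP ]]` test is also a loose match: unquoted on the right of `=~`, the dots in `$VIRTUAL_IP` act as regex wildcards and the pattern is unanchored, so (constructed example) 10.0.0.1 would also match a host holding 10.0.0.100; the same construction is reused with `$SERVER` in the second hunk. The `if` block opened here closes outside this hunk.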
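Review bot: Adding `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` to both the scp and ssh lines turns off host-key verification entirely, and what travels over those connections is the tarball containing every `privkey.pem` plus a remote command that runs `sudo rm -rf /etc/letsencrypt` — so anything able to answer as `$SERVER` on the network receives the private keys and gets to drive the remote sudo. Since this is an Ansible template, the role can lay down a known_hosts file for the cluster members and the options become `-o UserKnownHostsFile=<managed-known-hosts-path> -o StrictHostKeyChecking=yes` (or `accept-new` if first contact must be unattended). In the new deploy loop at the end of the hunk, `cd $Cert` is unchecked, so a failing `cd` leaves the loop concatenating the previous directory's files under the next certificate's name, and the resulting `.pem` carries the private key with whatever mode the umask and any pre-existing file give it; `cd "$Cert" || continue` and a `umask 077` before the loop (or writing the file via `install -m 0600`) address both.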