Simplify editing needs of the letsencrypt hook script.
This commit is contained in:
parent
5217863b8b
commit
0d1bc03665
@ -12,16 +12,21 @@
|
||||
# Place this script in /etc/letsencrypt/renewal-hooks/deploy/ and make it
|
||||
# executable after editing it to your needs.
|
||||
|
||||
if [ ${RENEWED_DOMAINS} = "my-mosquitto-domain" ]; then
|
||||
# Set which domain this script will be run for
|
||||
MY_DOMAIN="example.com"
|
||||
# Set the directory that the certificates will be copied to.
|
||||
CERTIFICATE_DIR=/etc/mosquitto/certs
|
||||
|
||||
if [ ${RENEWED_DOMAINS} = ${MY_DOMAIN} ]; then
|
||||
# Copy new certificate to Mosquitto directory
|
||||
cp ${RENEWED_LINEAGE}/fullchain.pem /etc/mosquitto/certs/server.pem
|
||||
cp ${RENEWED_LINEAGE}/privkey.pem /etc/mosquitto/certs/server.key
|
||||
cp ${RENEWED_LINEAGE}/fullchain.pem ${CERTIFICATE_DIR}/server.pem
|
||||
cp ${RENEWED_LINEAGE}/privkey.pem ${CERTIFICATE_DIR}/server.key
|
||||
|
||||
# Set ownership to Mosquitto
|
||||
chown mosquitto: /etc/mosquitto/certs/server.pem /etc/mosquitto/certs/server.key
|
||||
chown mosquitto: ${CERTIFICATE_DIR}/server.pem ${CERTIFICATE_DIR}/server.key
|
||||
|
||||
# Ensure permissions are restrictive
|
||||
chmod 0600 /etc/mosquitto/certs/server.pem /etc/mosquitto/certs/server.key
|
||||
chmod 0600 ${CERTIFICATE_DIR}/server.pem ${CERTIFICATE_DIR}/server.key
|
||||
|
||||
# Tell Mosquitto to reload certificates and configuration
|
||||
pkill -HUP -x mosquitto
|
||||
|
Loading…
Reference in New Issue
Block a user