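#!/bin/sh
set -eu
#
# certbot renew_hook script. It reloads nginx, copies the renewed key and
# certificate chain into the prosody and mumble containers, restarts mumble
# and lets prosody import the updated certificate.
#
# == Warnings ==
# * be sure not to have a global post-hook for certbot as it will replace
# the renew_hook configline
# * don't use the renewal-hooks/deploy or similar dir as it will be executed globally.
# * the private key is copied into both containers: the staging directory in
# the prosody container is created with mktemp (private to root, unpredictable
# name) and removed on every exit path, so the key does not linger in /tmp.
#
# container name
container_prosody=
# direct path to container fs (optional; unused now that cleanup runs via lxc)
container_prosody_path=
# container name
container_mumble=

log() { printf '>>> %s\n' "$*"; }
die() { printf 'renew hook: %s\n' "$*" >&2; exit 1; }

# Fail early instead of running lxc with an empty container name or pushing
# files from "/" because certbot did not export the lineage directory.
[ -n "$container_prosody" ] || die "container_prosody is not set"
[ -n "$container_mumble" ] || die "container_mumble is not set"
: "${RENEWED_LINEAGE:?must be set by certbot (renew_hook environment)}"

# RENEWED_LINEAGE is the full live directory (e.g. /etc/letsencrypt/live/NAME),
# so only its last path component is usable as a certificate name. Using the
# whole path would produce targets such as /tmp//etc/letsencrypt/live/NAME.
# (this script is intended for a single cert)
lineage=${RENEWED_LINEAGE%/}
certname=${lineage##*/}
case "$certname" in
  '' | . | ..) die "cannot derive a certificate name from '$RENEWED_LINEAGE'" ;;
esac

prosody_tmp=''
cleanup() {
  # Runs on every exit, including a failure under set -e, so the copied
  # private key is never left behind in the prosody container.
  if [ -n "$prosody_tmp" ]; then
    log "removing tmpdir"
    lxc exec "$container_prosody" -- rm -rf -- "${prosody_tmp:?}" ||
      printf 'renew hook: could not remove %s in %s\n' \
        "$prosody_tmp" "$container_prosody" >&2
  fi
}
trap cleanup EXIT

log "reloading nginx"
systemctl reload nginx

log "create tmp in $container_prosody"
# mktemp -d yields a 0700 directory with a random name, so another user in the
# container cannot pre-create it or read the key while it is staged.
prosody_tmp=$(lxc exec "$container_prosody" -- mktemp -d)
case "$prosody_tmp" in
  /*) ;;
  *) die "unexpected mktemp output from $container_prosody: '$prosody_tmp'" ;;
esac
lxc exec "$container_prosody" -- mkdir -- "$prosody_tmp/$certname"

log "pushing to $container_prosody"
lxc file push "$lineage/privkey.pem" \
  "$container_prosody$prosody_tmp/$certname/privkey.pem"
lxc file push "$lineage/fullchain.pem" \
  "$container_prosody$prosody_tmp/$certname/fullchain.pem"

log "pushing $container_mumble"
# NOTE(review): the target directory must already exist in the container, and
# the pushed key keeps whatever mode/owner lxc assigns by default; verify
# that only the mumble service account can read privkey.pem there.
lxc file push "$lineage/privkey.pem" \
  "$container_mumble/etc/letsencrypt/live/$certname/privkey.pem"
log "pushed key, moving on"
lxc file push "$lineage/fullchain.pem" \
  "$container_mumble/etc/letsencrypt/live/$certname/fullchain.pem"
log "pushed cert"

log "restart mumble"
lxc exec "$container_mumble" -- systemctl restart mumble-server

log "prosody import"
lxc exec "$container_prosody" -- \
  prosodyctl --root cert import "$certname" "$prosody_tmp"

log "all done"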