Kapisi/roles/SSL/files/manual-ssl-renew

#!/bin/bash

if [ `whoami` != 'root' ]; then
    sudo $0 $@
    exit
fi

domain="$1"

certbot certonly -d ${domain} -d "*.${domain}" --manual --force-interactive --reuse-key
cat /etc/letsencrypt/live/${domain}/cert.pem /etc/letsencrypt/live/${domain}/privkey.pem > /etc/letsencrypt/live/${domain}/certkey.pem

# PKCS12 for Emby
echo | openssl pkcs12 -password stdin -export -out /etc/letsencrypt/live/${domain}/ssl.pfx -inkey /etc/letsencrypt/live/${domain}/privkey.pem -in /etc/letsencrypt/live/${domain}/cert.pem -certfile /etc/letsencrypt/live/${domain}/fullchain.pem
cat /etc/letsencrypt/live/${domain}/ssl.pfx > /var/lib/emby/ssl/yggdrasil.pfx

systemctl restart webserver
systemctl restart yggdrasil

echo
echo "Don't forget to send \`/raw reloadmodule m_ssl_openssl.so\` to a NetAdmin session on AniNIX/IRC"
echo Add these to the TLSA records for the domain

bash ./tlsa-generation.bash
Adding some SSL support scripts 2021-01-01 12:45:34 -06:00			`#!/bin/bash`

			if [ `whoami` != 'root' ]; then
			`sudo $0 $@`
			`exit`
			`fi`

			`domain="$1"`

			`certbot certonly -d ${domain} -d "*.${domain}" --manual --force-interactive --reuse-key`
			`cat /etc/letsencrypt/live/${domain}/cert.pem /etc/letsencrypt/live/${domain}/privkey.pem > /etc/letsencrypt/live/${domain}/certkey.pem`

			`# PKCS12 for Emby`
			`echo \| openssl pkcs12 -password stdin -export -out /etc/letsencrypt/live/${domain}/ssl.pfx -inkey /etc/letsencrypt/live/${domain}/privkey.pem -in /etc/letsencrypt/live/${domain}/cert.pem -certfile /etc/letsencrypt/live/${domain}/fullchain.pem`
			`cat /etc/letsencrypt/live/${domain}/ssl.pfx > /var/lib/emby/ssl/yggdrasil.pfx`

			`systemctl restart webserver`
			`systemctl restart yggdrasil`

			`echo`
			echo "Don't forget to send \`/raw reloadmodule m_ssl_openssl.so\` to a NetAdmin session on AniNIX/IRC"
			`echo Add these to the TLSA records for the domain`

			`bash ./tlsa-generation.bash`