certbot: add cli.ini and deploy hook for permissions

Miraty 2023-04-26 02:00:38 +02:00
parent 157613c5bf
commit 8785a7935f
2 changed files with 45 additions and 0 deletions


@ -0,0 +1,32 @@
#!/bin/bash
set -euo pipefail
domains=(${RENEWED_DOMAINS-})
if [ ! ${#domains[@]} -eq 1 ]; then
chown -R root:nginx /etc/letsencrypt/archive/*/
chmod -R u=rwX,g=rX,o= /etc/letsencrypt/archive/*/
chown root:nginx /etc/letsencrypt/live/*/
chmod u=rwX,g=rX,o= /etc/letsencrypt/live/*/
else
cert_name=${domains[0]}
cert_dir_archive=/etc/letsencrypt/archive/${cert_name}/
if [ -d ${cert_dir_archive} ]; then
chown -R root:nginx ${cert_dir_archive}
chmod -R u=rwX,g=rX,o= ${cert_dir_archive}
else
echo "${cert_dir_archive} doesn't exist" > /dev/stderr
exit 1
fi
cert_dir_live=/etc/letsencrypt/live/${cert_name}/
if [ -d ${cert_dir_live} ]; then
chown root:nginx ${cert_dir_live}
chmod u=rwX,g=rX,o= ${cert_dir_live}
else
echo "${cert_dir_live} doesn't exist" > /dev/stderr
exit 1
fi
fi
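Review bot: The `else` branch takes the lineage directory name from `${domains[0]}`, but certbot's lineage name is not guaranteed to equal the first renewed domain (a custom `--cert-name`, or a suffixed lineage such as `-0001`), so the hook can `exit 1` after a valid renewal and leave the new key files with whatever ownership certbot gave them. Certbot also exports `RENEWED_LINEAGE` (the `live/<name>` path) to deploy hooks, so `cert_name=$(basename -- "${RENEWED_LINEAGE}")` would select the right directory for single- and multi-domain certificates alike. As written, any renewal covering more than one domain falls into the first branch and re-applies `root:nginx` group read to every lineage under `/etc/letsencrypt/archive/*/`, private keys included; if some certificates on the host are not meant for nginx, that branch should be limited to the case where no lineage is set. The expansions should also be quoted: `domains=(${RENEWED_DOMAINS-})` is subject to pathname expansion as well as word splitting, and `[ -d "${cert_dir_archive}" ]` and the `chown`/`chmod` arguments should be written as `"${cert_dir_archive}"` and `"${cert_dir_live}"`.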

13
install/certbot.ini Normal file

@ -0,0 +1,13 @@
non-interactive
agree-tos
no-eff-email
email = "niver+letsencrypt@antopie.org"
webroot
webroot-path = "/srv/servnest/acme"
key-type = "rsa"
rsa-key-size = "3072"
deploy-hook = "/root/certbot-deploy-hook.sh"