certbot: add cli.ini and deploy hook for permissions
parent
157613c5bf
commit
8785a7935f
2 changed files with 45 additions and 0 deletions
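--- a/install/certbot-deploy-hook.sh
+++ b/install/certbot-deploy-hook.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+set -euo pipefail
+
+domains=(${RENEWED_DOMAINS-})
+
+if [ ! ${#domains[@]} -eq 1 ]; then
+chown -R root:nginx /etc/letsencrypt/archive/*/
+chmod -R u=rwX,g=rX,o= /etc/letsencrypt/archive/*/
+
+chown root:nginx /etc/letsencrypt/live/*/
+chmod u=rwX,g=rX,o= /etc/letsencrypt/live/*/
+else
+cert_name=${domains[0]}
+
+cert_dir_archive=/etc/letsencrypt/archive/${cert_name}/
+if [ -d ${cert_dir_archive} ]; then
+chown -R root:nginx ${cert_dir_archive}
+chmod -R u=rwX,g=rX,o= ${cert_dir_archive}
+else
+echo "${cert_dir_archive} doesn't exist" > /dev/stderr
+exit 1
+fi
+
+cert_dir_live=/etc/letsencrypt/live/${cert_name}/
+if [ -d ${cert_dir_live} ]; then
+chown root:nginx ${cert_dir_live}
+chmod u=rwX,g=rX,o= ${cert_dir_live}
+else
+echo "${cert_dir_live} doesn't exist" > /dev/stderr
+exit 1
+fi
+fi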
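Review bot: The `else` branch assumes the lineage directory is named after the single entry in `RENEWED_DOMAINS`, which does not hold when the certificate was issued with `--cert-name` or certbot appended a `-0001` style suffix; in that case the hook exits 1 and the renewed files presumably keep certbot's default root-only access. Certbot also exports `RENEWED_LINEAGE` (the `live/<name>` path) to deploy hooks, so `lineage=${RENEWED_LINEAGE-}` followed by `cert_name=${lineage##*/}` would select the right directory for single- and multi-domain certificates alike, leaving the wildcard branch for manual runs only. The expansions in `[ -d ${cert_dir_archive} ]`, `chown` and `chmod` should be double-quoted. Separately, `g=rX` on `archive/` lets every member of the `nginx` group read the private keys; if the nginx master process starts as root it can load them without the group bit, so it is worth confirming and documenting in a header comment which process needs this access.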
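--- a/install/certbot.ini
+++ b/install/certbot.ini
@@ -0,0 +1,13 @@
+non-interactive
+
+agree-tos
+no-eff-email
+email = "niver+letsencrypt@antopie.org"
+
+webroot
+webroot-path = "/srv/servnest/acme"
+
+key-type = "rsa"
+rsa-key-size = "3072"
+
+deploy-hook = "/root/certbot-deploy-hook.sh"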
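Review bot: `deploy-hook = "/root/certbot-deploy-hook.sh"` names a script that certbot will execute as root on every renewal, but the commit only adds the file under `install/` and nothing visible here copies it to `/root` or sets its owner and mode. The install step should place it root-owned and not writable by group or others (for example mode 0700), and a `# installed from install/certbot-deploy-hook.sh` comment above this line would make the link explicit. The hard-coded `email` value also means anyone who installs from this template unchanged registers their ACME account under that address; a comment marking it as a value to replace would help.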