Let's encrypt

idp-tools

@@ -1257,22 +1257,61 @@ EOF
         | ssh root@${h} "cat - > /etc/apache2/sites-available/${lb_service_name}.unige.ch.conf ;"
     fi
     # copy ssl key
-    echo -e " \e[34m-rsync key\e[0m"
-    rsync -av /etc/ssl/private/idp{-lab,-test,}.* root@${h}:/etc/ssl/private/ | indent 5
-    echo -e " \e[34m-rsync cert\e[0m"
-    rsync -av /etc/ssl/certs/idp{-lab,-test,}.* root@${h}:/etc/ssl/certs/ | indent 5
+    ssl_pub_path="/etc/ssl/certs/${lb_service_name}.unige.ch.pem"
+    ssl_priv_path="/etc/ssl/private/${lb_service_name}.unige.ch.key"
+    if test "${lb_service_name}" = "idp"; then
+        echo -e " \e[34m- public key\e[0m"
+        if ssh root@${h} "test ! -f '${ssl_pub_path}'"; then
+            echo -e "   \e[31m- The ssl public key file (${ssl_pub_path}) is mising.\e[0m"
+            echo -e "   \e[34m  Use the following command to create this file\e[0m"
+            echo -e "   \e[34m  chiffreca generate-certbot-cmd ${lb_service_name}.unige.ch\e[0m"
+            echo -e "\e[34mExit.\e[0m"
+            exit 1
+        fi
+        if ssh root@${h} "test ! -f '${ssl_priv_path}'"; then
+            echo -e "   \e[31m- The ssl public key file (${ssl_priv_path}) is mising.\e[0m"
+            echo -e "   \e[34m  Use the following command to create this file\e[0m"
+            echo -e "   \e[34m  chiffreca generate-certbot-cmd ${lb_service_name}.unige.ch\e[0m"
+            echo -e "\e[34Eexit.\e[0m"
+            exit 1
+        fi
+    else
+        letsencrypt_pub_path="/etc/letsencrypt/live/${lb_service_name}.unige.ch/fullchain.pem"
+        letsencrypt_priv_path="/etc/letsencrypt/live/${lb_service_name}.unige.ch/privkey.pem"
+        echo -e " \e[34m- public key\e[0m"
+        if ssh root@${h} "test ! -f '${letsencrypt_pub_path}'"; then
+            echo -e "   \e[31m- The letsencrypt public key file (${letsencrypt_pub_path}) is mising.\e[0m"
+            echo -e "   \e[34m  Use the following command to create this file\e[0m"
+            echo -e "   \e[34m  chiffreca generate-certbot-cmd ${lb_service_name}.unige.ch\e[0m"
+            echo -e "\e[34mExit.\e[0m"
+            exit 1
+        fi
+        make_distant_link $h ${letsencrypt_pub_path} ${ssl_pub_path}
+        #
+        echo -e " \e[34m- private key\e[0m"
+        if ssh root@${h} "test ! -f '${letsencrypt_priv_path}'"; then
+            echo -e "   \e[31m- The letsencrypt private key file (${letsencrypt_priv_path}) is mising.\e[0m"
+            echo -e "   \e[34m  Use the following command to create this file\e[0m"
+            echo -e "   \e[34m  chiffreca generate-certbot-cmd ${lb_service_name}.unige.ch\e[0m"
+            echo -e "\e[34mexit.\e[0m"
+            exit 1
+        fi
+        make_distant_link $h ${letsencrypt_priv_path} ${ssl_priv_path}
+    fi
     # check that the key are present in the apache config
     something_todo="False"
     t=$(mktemp --suffix .idp-sync)
     if test "${is_on_same_group}" = "True"
     then
-        for f in $(grep -P "SSLCertificate\S*File" /etc/apache2/sites-enabled/${lb_service_name}.unige.ch.conf  | awk '{print $2'})
-        do
-            sscp "apache SSLCertificate $f" $f root@${h}:${f}
-        done
+        if  test "${lb_service_name}" = "idp"; then
+            for f in $(grep -P "SSLCertificate\S*File" /etc/apache2/sites-enabled/${lb_service_name}.unige.ch.conf  | awk '{print $2'})
+            do
+                sscp "apache SSLCertificate $f" $f root@${h}:${f}
+            done
+        fi
     else
         for f in $(ssh root@${h} "cat /etc/apache2/sites-enabled/${lb_service_name}.unige.ch.conf" \
-                   |grep -P "SSLCertificate\S*File" \
+                   |grep -P "SSLCertificate\S*File" | grep -P -v "\s*#" \
                    | awk '{print $2'})
         do
             if ssh root@${h} "test ! -f ${f}"
@@ -1346,7 +1385,6 @@ EOF
     else
         echo -e "     \e[34mapache2 will not be restarted as the flag (RESTART_OTHER_DAEMON) is set false\e[0m"
     fi
-
     #
     # TOMCAT
     #