Commit 12414522 authored by Cédric BRINER's avatar Cédric BRINER Committed by Cédric BRINER

Let's encrypt

parent ec3422de
...@@ -1257,22 +1257,61 @@ EOF ...@@ -1257,22 +1257,61 @@ EOF
| ssh root@${h} "cat - > /etc/apache2/sites-available/${lb_service_name}.unige.ch.conf ;" | ssh root@${h} "cat - > /etc/apache2/sites-available/${lb_service_name}.unige.ch.conf ;"
fi fi
# copy ssl key # copy ssl key
echo -e " \e[34m-rsync key\e[0m" ssl_pub_path="/etc/ssl/certs/${lb_service_name}.unige.ch.pem"
rsync -av /etc/ssl/private/idp{-lab,-test,}.* root@${h}:/etc/ssl/private/ | indent 5 ssl_priv_path="/etc/ssl/private/${lb_service_name}.unige.ch.key"
echo -e " \e[34m-rsync cert\e[0m" if test "${lb_service_name}" = "idp"; then
rsync -av /etc/ssl/certs/idp{-lab,-test,}.* root@${h}:/etc/ssl/certs/ | indent 5 echo -e " \e[34m- public key\e[0m"
if ssh root@${h} "test ! -f '${ssl_pub_path}'"; then
echo -e " \e[31m- The ssl public key file (${ssl_pub_path}) is mising.\e[0m"
echo -e " \e[34m Use the following command to create this file\e[0m"
echo -e " \e[34m chiffreca generate-certbot-cmd ${lb_service_name}.unige.ch\e[0m"
echo -e "\e[34mExit.\e[0m"
exit 1
fi
if ssh root@${h} "test ! -f '${ssl_priv_path}'"; then
echo -e " \e[31m- The ssl public key file (${ssl_priv_path}) is mising.\e[0m"
echo -e " \e[34m Use the following command to create this file\e[0m"
echo -e " \e[34m chiffreca generate-certbot-cmd ${lb_service_name}.unige.ch\e[0m"
echo -e "\e[34Eexit.\e[0m"
exit 1
fi
else
letsencrypt_pub_path="/etc/letsencrypt/live/${lb_service_name}.unige.ch/fullchain.pem"
letsencrypt_priv_path="/etc/letsencrypt/live/${lb_service_name}.unige.ch/privkey.pem"
echo -e " \e[34m- public key\e[0m"
if ssh root@${h} "test ! -f '${letsencrypt_pub_path}'"; then
echo -e " \e[31m- The letsencrypt public key file (${letsencrypt_pub_path}) is mising.\e[0m"
echo -e " \e[34m Use the following command to create this file\e[0m"
echo -e " \e[34m chiffreca generate-certbot-cmd ${lb_service_name}.unige.ch\e[0m"
echo -e "\e[34mExit.\e[0m"
exit 1
fi
make_distant_link $h ${letsencrypt_pub_path} ${ssl_pub_path}
#
echo -e " \e[34m- private key\e[0m"
if ssh root@${h} "test ! -f '${letsencrypt_priv_path}'"; then
echo -e " \e[31m- The letsencrypt private key file (${letsencrypt_priv_path}) is mising.\e[0m"
echo -e " \e[34m Use the following command to create this file\e[0m"
echo -e " \e[34m chiffreca generate-certbot-cmd ${lb_service_name}.unige.ch\e[0m"
echo -e "\e[34mexit.\e[0m"
exit 1
fi
make_distant_link $h ${letsencrypt_priv_path} ${ssl_priv_path}
fi
# check that the key are present in the apache config # check that the key are present in the apache config
something_todo="False" something_todo="False"
t=$(mktemp --suffix .idp-sync) t=$(mktemp --suffix .idp-sync)
if test "${is_on_same_group}" = "True" if test "${is_on_same_group}" = "True"
then then
for f in $(grep -P "SSLCertificate\S*File" /etc/apache2/sites-enabled/${lb_service_name}.unige.ch.conf | awk '{print $2'}) if test "${lb_service_name}" = "idp"; then
do for f in $(grep -P "SSLCertificate\S*File" /etc/apache2/sites-enabled/${lb_service_name}.unige.ch.conf | awk '{print $2'})
sscp "apache SSLCertificate $f" $f root@${h}:${f} do
done sscp "apache SSLCertificate $f" $f root@${h}:${f}
done
fi
else else
for f in $(ssh root@${h} "cat /etc/apache2/sites-enabled/${lb_service_name}.unige.ch.conf" \ for f in $(ssh root@${h} "cat /etc/apache2/sites-enabled/${lb_service_name}.unige.ch.conf" \
|grep -P "SSLCertificate\S*File" \ |grep -P "SSLCertificate\S*File" | grep -P -v "\s*#" \
| awk '{print $2'}) | awk '{print $2'})
do do
if ssh root@${h} "test ! -f ${f}" if ssh root@${h} "test ! -f ${f}"
...@@ -1346,7 +1385,6 @@ EOF ...@@ -1346,7 +1385,6 @@ EOF
else else
echo -e " \e[34mapache2 will not be restarted as the flag (RESTART_OTHER_DAEMON) is set false\e[0m" echo -e " \e[34mapache2 will not be restarted as the flag (RESTART_OTHER_DAEMON) is set false\e[0m"
fi fi
# #
# TOMCAT # TOMCAT
# #
......
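Review bot: The private-key check for the idp service (the second `if ssh root@${h} "test ! -f '${ssl_priv_path}'"` block) reports "The ssl public key file" for `${ssl_priv_path}` and then prints `\e[34Eexit.\e[0m`, which is a malformed SGR sequence (the `m` is missing after `34`), so the operator gets a misleading message followed by terminal garbage; the lines should read `echo -e " \e[31m- The ssl private key file (${ssl_priv_path}) is missing.\e[0m"` and `echo -e "\e[34mExit.\e[0m"`. In the remote branch further down, the new `grep -P -v "\s*#"` is unanchored and `\s*` matches the empty string, so it silently drops any `SSLCertificate*File` directive whose line contains a `#` anywhere (e.g. a trailing comment), not only commented-out ones; `grep -P -v "^\s*#"` expresses the intent. The `make_distant_link $h ${letsencrypt_priv_path} ${ssl_priv_path}` calls pass `$h` and the paths unquoted; quoting them (`make_distant_link "$h" "${letsencrypt_priv_path}" "${ssl_priv_path}"`) costs nothing and keeps the key-linking step from word-splitting if a hostname or service name ever contains whitespace or glob characters. The enclosing function starts before this hunk and its remainder continues past it, so the behaviour of `make_distant_link` and `sscp` cannot be confirmed from here.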