Commit 12414522 authored by Cédric BRINER's avatar Cédric BRINER Committed by Cédric BRINER

Let's encrypt

parent ec3422de
......@@ -1257,22 +1257,61 @@ EOF
| ssh root@${h} "cat - > /etc/apache2/sites-available/${lb_service_name}.unige.ch.conf ;"
fi
# copy ssl key
echo -e " \e[34m-rsync key\e[0m"
rsync -av /etc/ssl/private/idp{-lab,-test,}.* root@${h}:/etc/ssl/private/ | indent 5
echo -e " \e[34m-rsync cert\e[0m"
rsync -av /etc/ssl/certs/idp{-lab,-test,}.* root@${h}:/etc/ssl/certs/ | indent 5
ssl_pub_path="/etc/ssl/certs/${lb_service_name}.unige.ch.pem"
ssl_priv_path="/etc/ssl/private/${lb_service_name}.unige.ch.key"
if test "${lb_service_name}" = "idp"; then
echo -e " \e[34m- public key\e[0m"
if ssh root@${h} "test ! -f '${ssl_pub_path}'"; then
echo -e " \e[31m- The ssl public key file (${ssl_pub_path}) is mising.\e[0m"
echo -e " \e[34m Use the following command to create this file\e[0m"
echo -e " \e[34m chiffreca generate-certbot-cmd ${lb_service_name}.unige.ch\e[0m"
echo -e "\e[34mExit.\e[0m"
exit 1
fi
if ssh root@${h} "test ! -f '${ssl_priv_path}'"; then
echo -e " \e[31m- The ssl public key file (${ssl_priv_path}) is mising.\e[0m"
echo -e " \e[34m Use the following command to create this file\e[0m"
echo -e " \e[34m chiffreca generate-certbot-cmd ${lb_service_name}.unige.ch\e[0m"
echo -e "\e[34Eexit.\e[0m"
exit 1
fi
else
letsencrypt_pub_path="/etc/letsencrypt/live/${lb_service_name}.unige.ch/fullchain.pem"
letsencrypt_priv_path="/etc/letsencrypt/live/${lb_service_name}.unige.ch/privkey.pem"
echo -e " \e[34m- public key\e[0m"
if ssh root@${h} "test ! -f '${letsencrypt_pub_path}'"; then
echo -e " \e[31m- The letsencrypt public key file (${letsencrypt_pub_path}) is mising.\e[0m"
echo -e " \e[34m Use the following command to create this file\e[0m"
echo -e " \e[34m chiffreca generate-certbot-cmd ${lb_service_name}.unige.ch\e[0m"
echo -e "\e[34mExit.\e[0m"
exit 1
fi
make_distant_link $h ${letsencrypt_pub_path} ${ssl_pub_path}
#
echo -e " \e[34m- private key\e[0m"
if ssh root@${h} "test ! -f '${letsencrypt_priv_path}'"; then
echo -e " \e[31m- The letsencrypt private key file (${letsencrypt_priv_path}) is mising.\e[0m"
echo -e " \e[34m Use the following command to create this file\e[0m"
echo -e " \e[34m chiffreca generate-certbot-cmd ${lb_service_name}.unige.ch\e[0m"
echo -e "\e[34mexit.\e[0m"
exit 1
fi
make_distant_link $h ${letsencrypt_priv_path} ${ssl_priv_path}
fi
# check that the key are present in the apache config
something_todo="False"
t=$(mktemp --suffix .idp-sync)
if test "${is_on_same_group}" = "True"
then
if test "${lb_service_name}" = "idp"; then
for f in $(grep -P "SSLCertificate\S*File" /etc/apache2/sites-enabled/${lb_service_name}.unige.ch.conf | awk '{print $2'})
do
sscp "apache SSLCertificate $f" $f root@${h}:${f}
done
fi
else
for f in $(ssh root@${h} "cat /etc/apache2/sites-enabled/${lb_service_name}.unige.ch.conf" \
|grep -P "SSLCertificate\S*File" \
|grep -P "SSLCertificate\S*File" | grep -P -v "\s*#" \
| awk '{print $2'})
do
if ssh root@${h} "test ! -f ${f}"
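Review bot: The private-key check in the new idp branch reports the wrong thing and prints a broken escape: the message after `test ! -f '${ssl_priv_path}'` says "ssl public key file" while naming the private key path, and the final line uses `\e[34E` (a cursor-move sequence, missing the `m`), so it should read `echo -e " \e[31m- The ssl private key file (${ssl_priv_path}) is missing.\e[0m"` and `echo -e "\e[34mExit.\e[0m"`. Both the idp and the Let's Encrypt branches only test that the key file exists before `make_distant_link` points `/etc/ssl/private/${lb_service_name}.unige.ch.key` at it; since that link becomes what Apache loads, it would be worth also refusing a target that is group- or world-readable, e.g. by checking `stat -c %a` on the remote side, rather than discovering that after the restart. In the remote pipeline the comment filter `grep -P -v "\s*#"` drops any line that contains a `#` anywhere (the `\s*` may match nothing), so a certificate directive with a trailing comment is silently skipped; anchoring it as `grep -P -v "^\s*#"` matches only comment lines. The `make_distant_link $h ${letsencrypt_pub_path} ${ssl_pub_path}` calls pass their arguments unquoted, and `${lb_service_name}` is interpolated into the command string executed by `ssh root@${h}`; where that value comes from is not visible here, but if it is user-supplied, a name containing a quote or whitespace changes the remote command rather than just the path. The enclosing function starts before this hunk and continues after it.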
......@@ -1346,7 +1385,6 @@ EOF
else
echo -e " \e[34mapache2 will not be restarted as the flag (RESTART_OTHER_DAEMON) is set false\e[0m"
fi
#
# TOMCAT
#
......