fix certs scripts

08f697e4 · Vitaly Lipatov · 35dcc2c4 · 08f697e4 · 08f697e4
Commit 08f697e4 authored Mar 31, 2014 by Vitaly Lipatov
Hide whitespace changes
Inline Side-by-side

Showing with 35 additions and 16 deletions

copy_certs_to_hosts.sh certs/copy_certs_to_hosts.sh +34 -15

gencsr.sh certs/gencsr.sh +1 -1

No files found.
--- a/certs/copy_certs_to_hosts.sh
+++ b/certs/copy_certs_to_hosts.sh
@@ -8,21 +8,31 @@ fatal()
 	exit 1
 }

-PRIVATEPEM="$(pwd)/private/etersoft.pem"
+. cert.conf

 cd sites

 copy_to_nginx()
 {
-	if [ -n "$3" ] ; then
-		PEM="$(dirname "$PRIVATEPEM")/$1"
+	ALTPEM="$(dirname "$PRIVATEPEM")/$1"
+	if [ -r "$ALTPEM" ] ; then
+		PEM="$ALTPEM"
 		shift
 	else
 		PEM="$PRIVATEPEM"
 	fi
-	scp $1 $2:/etc/nginx/ssl/ || fatal
+
+	echo "Copying $1 cert..."
+	CERT=$1
+	if [ -r "$INTERMEDCERT" ] ; then
+		cat "$CERT" "$INTERMEDCERT" >tempcert.crt || fatal
+		CERT=tempcert.crt
+	fi
+
+	scp $CERT $2:/etc/nginx/ssl/$1 || fatal
 	scp "$PEM" $2:/etc/nginx/ssl/ || fatal
-	ssh $2 service nginx reload
+
+	[ -n "$3" ] || ssh $2 service nginx reload
 }

 do_pem()
@@ -32,24 +42,33 @@ cat "$1" "$PRIVATEPEM" \
 	> "$2"
 }

-copy_to_nginx pravtor.pem pravtor.ru.crt pravtor
-exit
+# TODO: use two script with common part
+# StartSSL
+
+if false ; then
+#copy_to_nginx pravtor.pem pravtor.ru.crt pravtor
+#exit
 copy_to_nginx bugs.etersoft.ru.crt bugs
 copy_to_nginx mysql.eterhost.ru.crt host03
 copy_to_nginx stog.etersoft.ru.crt stog

+for crt in roundcube.eterhost.ru.crt ; do
+	copy_to_nginx $crt priv noreload || fatal
+done
+ssh priv service nginx reload
+fi
+
 copy_to_priv()
 {
-scp roundcube.eterhost.ru.crt rt.etersoft.ru.crt sales.etersoft.ru.crt cyradm.eterhost.ru.crt \
-	sec.office.etersoft.ru.crt time.office.etersoft.ru.crt wiki.office.etersoft.ru.crt \
-	search.office.etersoft.ru.crt \
-	priv:/etc/nginx/ssl/ || fatal
-scp "$PRIVATEPEM" priv:/etc/nginx/ssl/etersoft.pem || fatal
-ssh priv service nginx restart
+	for crt in sales.etersoft.ru.crt rt.etersoft.ru.crt cyradm.eterhost.ru.crt \
+			sec.office.etersoft.ru.crt time.office.etersoft.ru.crt wiki.office.etersoft.ru.crt \
+			search.office.etersoft.ru.crt ; do
+		copy_to_nginx $crt priv noreload || fatal
+	done
+	ssh priv service nginx reload
 }

-copy_to_priv
-
+#copy_to_priv

 copy_to_im()
 {

--- a/certs/gencsr.sh
+++ b/certs/gencsr.sh
 #!/bin/bash

 DOMAIN=$1
-PRIVATE_KEY=private/etersoft.pem
+PRIVATE_KEY=private/etersoft-cacert.pem
 SUFFIX_OUT_FILE="request.csr"

 mkdir -p csr/