From 2ec898c744f2a7b8b9810b1f5545a0b8305fc29e Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)"
Date: Fri, 25 Jul 2025 09:47:58 -0400
Subject: [PATCH] Updating do_dns_tlsa.sh script
---
 cron/mailleur.cron | 2 +-
 support/do_dns_tlsa.sh | 28 +++++++++++++++++++++++-----
 2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/cron/mailleur.cron b/cron/mailleur.cron
index 9c47678..bb01438 100644
--- a/cron/mailleur.cron
+++ b/cron/mailleur.cron
@@ -2,5 +2,5 @@
 #shell script to manage rpplication ecurring homeworking task
 #---------------------------------------------------
 #to update lets encrypt certificate
-#1 1 1 * * mailleur PATH=/usr/sbin:$PATH /usr/lib/mailleur/support/do_dns_tlsa.sh
+#1 1 1 * * root PATH=/usr/sbin:$PATH /usr/lib/mailleur/support/do_dns_tlsa.sh
diff --git a/support/do_dns_tlsa.sh b/support/do_dns_tlsa.sh
index ca9e1d2..8134ce1 100755
--- a/support/do_dns_tlsa.sh
+++ b/support/do_dns_tlsa.sh
@@ -5,6 +5,8 @@
 #-------------------------------------------------------------------
 #comment in if working in production
 DRY_RUN="--dry-run"
+STAGGING="--staging"
+MRKR=`date +"%F"`
 APPNAME=mailleur
 #-------------------------------------------------------------------
 WRKDIR=/etc/certbot/$APPNAME
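Review bot: The entry in cron/mailleur.cron now names root instead of mailleur as the run-as user, and neither the commit message nor the file says why the extra privilege is needed. The line is still commented out, but once enabled everything do_dns_tlsa.sh does, including the `rm -f` and `ln -nsf` calls added later in this patch, runs as root. I would add a comment above the entry such as `#runs as root because certbot --apache has to reload the web server (confirm)`, since that reason is only my guess. Before enabling it, check that /usr/lib/mailleur/support/do_dns_tlsa.sh and its parent directories are writable by root only, because a script the mailleur account can modify would otherwise be executed as root on the next schedule.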
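Review bot: The two variables added here are spelled `STAGGING` and `MRKR`, but the gen_cert hunk later in this patch expands `$STAGING` and `$MKKR`, so both uses expand to the empty string. As written, certbot is called with neither `--dry-run` nor `--staging` while `--force-renewal` is set, which by default sends every run to the production CA and counts against its rate limits, and the output files become `./-fullchain.pem`, `./-chain.pem` and `./-cert.pem` with no date prefix. Rename the definitions to match the uses, e.g. `STAGING="--staging"` and `MKKR=$(date +%F)` (or correct the uses instead), and consider `set -u` near the top of the script so a misspelled name aborts rather than expanding to nothing. The context comment `#comment in if working in production` still describes DRY_RUN, which the new code no longer passes to certbot, so it should be reworded for the staging switch.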
@@ -61,22 +63,38 @@ gen_cert()
 #Request certificate (with a steady key) via cerbot
 #Note" this is done in dry-run mode (remove it to
 #pass in production mode)
+
+#removing previous
+rm -f ./$MKKR-*
 certbot certonly \
 --apache \
 --force-renewal \
 --csr ./request.csr \
- --fullchain-path ./$APPNAME-fullchain.pem \
- --chain-path ./$APPNAME-chain.pem \
- --cert-path ./$APPNAME-cert.pem \
+ --fullchain-path ./$MKKR-fullchain.pem \
+ --chain-path ./$MKKR-chain.pem \
+ --cert-path ./$MKKR-cert.pem \
 --work-dir . \
 --logs-dir ./logs \
- $DRY_RUN
+ $STAGING
+
+ln -nsf \
+ ./$MKKR-fullchain.pem \
+ ./$APPNAME-fullchain.pem
+
+ln -nsf \
+ ./$MKKR-chain.pem \
+ ./$APPNAME-chain.pem
+
+ln -nsf \
+ ./$MKKR-cert.pem \
+ ./$APPNAME-cert.pem
+
 }
 gen_dane ()
 {
-SUM=`openssl ec -in ./ec_key.pem -pubout -outform DER | sha256sum`
+SUM=`openssl ec -in ./ec_key.pem -pubout -outform DER 2>/dev/null | sha256sum`
 (
 echo ";--------------------------------------------"
-- 
2.47.3
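Review bot: The three `ln -nsf` calls added after certbot run whether or not certbot succeeded, and the `rm -f` before it has already removed the files they point to, so a failed request leaves `$APPNAME-fullchain.pem`, `$APPNAME-chain.pem` and `$APPNAME-cert.pem` as dangling links. Ending the certbot command with `$STAGING || return 1` would keep the previous links in place on failure; gen_cert starts above the hunk, so check that its callers handle a non-zero return. In the same hunk, the `2>/dev/null` added to the `openssl ec` call in gen_dane hides a failure to read ./ec_key.pem, after which sha256sum hashes empty input and SUM holds a digest that matches no key. Since SUM presumably feeds the published TLSA record, I would guard the call with `[ -r ./ec_key.pem ] || return 1` rather than only discarding stderr. gen_dane's body continues outside the hunk.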