Update letsencrypt certficate to openfire27.04.18

#!/bin/bash

#
# @author https://github.com/guusdk
#

# Checks for a known location where Let's Encrypt keys/certificates will be spontaneously exist.
# When files are detected, they're used to generate a new keystore, which is then used
# to replace the Openfire keystore.
set -e

PRIVKEY=/etc/letsencrypt/live/ourdomain/privkey.pem
CHAIN=/etc/letsencrypt/live/ourdomain/fullchain.pem
OPENFIRESTORE=/opt/openfire/resources/security/keystore
PASSWORD=changeit

# No changes needed below.
PKCS12ARCHIVE=/tmp/keystore.p12
TMPKEYSTORE=/tmp/keystore

if [[ -f $PRIVKEY && -f $CHAIN ]]
then

# Remove leftovers from last iteration.
  if [[ -f $PKCS12ARCHIVE ]]
  then
    rm $PKCS12ARCHIVE
  fi

if [[ -f $TMPKEYSTORE ]]
  then
    rm $TMPKEYSTORE
  fi

# Import Let's Encrypt data in PKCS12 archive.
  openssl pkcs12 \
    -export \
    -out $PKCS12ARCHIVE \
    -inkey $PRIVKEY \
    -in $CHAIN \
    -password pass:$PASSWORD

# Remove Let's Encrypt source data to prevent another execution.
  rm $PRIVKEY && rm $CHAIN

# Create new Java keystore based on PKCS12 archive.
  keytool -importkeystore \
    -destkeystore $TMPKEYSTORE \
    -deststorepass $PASSWORD \
    -srcstoretype PKCS12 \
    -srcstorepass $PASSWORD \
    -srckeystore $PKCS12ARCHIVE

# Set owner for new file
  chown daemon:daemon $TMPKEYSTORE

# Backup old Openfire keystore.
  cp $OPENFIRESTORE $OPENFIRESTORE-backup-$(date +%s)

# Move new store in place.
  mv $TMPKEYSTORE $OPENFIRESTORE
fi

https://gist.github.com/veto64/f1514cc157da0b88921ccda8f2b76a4f

Anonymous

Update letsencrypt certficate to openfire27.04.18

Information Epoch 1732667943