Skip to navigation
Update letsencrypt certficate to openfire
27.04.18
#!/bin/bash # # @author https://github.com/guusdk # # Checks for a known location where Let's Encrypt keys/certificates will be spontaneously exist. # When files are detected, they're used to generate a new keystore, which is then used # to replace the Openfire keystore. set -e PRIVKEY=/etc/letsencrypt/live/ourdomain/privkey.pem CHAIN=/etc/letsencrypt/live/ourdomain/fullchain.pem OPENFIRESTORE=/opt/openfire/resources/security/keystore PASSWORD=changeit # No changes needed below. PKCS12ARCHIVE=/tmp/keystore.p12 TMPKEYSTORE=/tmp/keystore if [[ -f $PRIVKEY && -f $CHAIN ]] then # Remove leftovers from last iteration. if [[ -f $PKCS12ARCHIVE ]] then rm $PKCS12ARCHIVE fi if [[ -f $TMPKEYSTORE ]] then rm $TMPKEYSTORE fi # Import Let's Encrypt data in PKCS12 archive. openssl pkcs12 \ -export \ -out $PKCS12ARCHIVE \ -inkey $PRIVKEY \ -in $CHAIN \ -password pass:$PASSWORD # Remove Let's Encrypt source data to prevent another execution. rm $PRIVKEY && rm $CHAIN # Create new Java keystore based on PKCS12 archive. keytool -importkeystore \ -destkeystore $TMPKEYSTORE \ -deststorepass $PASSWORD \ -srcstoretype PKCS12 \ -srcstorepass $PASSWORD \ -srckeystore $PKCS12ARCHIVE # Set owner for new file chown daemon:daemon $TMPKEYSTORE # Backup old Openfire keystore. cp $OPENFIRESTORE $OPENFIRESTORE-backup-$(date +%s) # Move new store in place. mv $TMPKEYSTORE $OPENFIRESTORE fi
https://gist.github.com/veto64/f1514cc157da0b88921ccda8f2b76a4f
Reply
Anonymous
Information Epoch 1783467277
Small is beautiful.
Home
Notebook
Contact us