Diffstat (limited to 'update-site-certs.sh')
-rwxr-xr-x | update-site-certs.sh | 150 |
1 files changed, 150 insertions, 0 deletions
diff --git a/update-site-certs.sh b/update-site-certs.sh
new file mode 100755
index 0000000..5d24404
--- /dev/null
+++ b/update-site-certs.sh
@@ -0,0 +1,150 @@
+#!/bin/bash
+
+cd /var/src/xmpp-site/sites/lite/
+CONFIG="current-config.yml"
+DOMAIN="$1"
+#for DOMAIN in mattrude.com soderparr.com therudes.com
+#do
+ ###
+ ### The Primary Cert Tests
+ ###
+ DOMAINFL="im.${DOMAIN}"
+ if [ -f /etc/ejabberd/certs/$DOMAIN/fullchain.pem ]; then
+ if [ `openssl x509 -noout -text -in /etc/ejabberd/certs/${DOMAIN}/fullchain.pem |grep "DNS:$DOMAIN" |wc -l` -gt 0 ]; then
+ EXPIRES=`openssl x509 -noout -text -in /etc/ejabberd/certs/${DOMAIN}/fullchain.pem |grep "Not After : " |sed 's/ Not After : /fingerprint-expires: "/g' |sed 's/$/"/g'`
+ SHA1=`openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/ejabberd/certs/${DOMAIN}/fullchain.pem |sed 's/SHA1 Fingerprint=/fingerprint-sha1: "/g' |sed 's/$/"/g'`
+ SHA256=`openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/ejabberd/certs/${DOMAIN}/fullchain.pem |sed 's/SHA256 Fingerprint=/fingerprint-sha256: "/g' |sed 's/$/"/g'`
+ else
+ EXPIRES='fingerprint-expires: "No Key Found"'
+ SHA1='fingerprint-sha1: "No Key Found"'
+ SHA256='fingerprint-sha256: "No Key Found"'
+ fi
+ else
+ if [ -f /etc/ejabberd/certs/${DOMAIN}/fullchain.pem ]; then
+ if [ `openssl x509 -noout -text -in /etc/ejabberd/certs/${DOMAIN}/fullchain.pem |grep "DNS:$DOMAIN" |wc -l` -gt 0 ]; then
+ EXPIRES=`openssl x509 -noout -text -in /etc/ejabberd/certs/${DOMAIN}/fullchain.pem |grep "Not After : " |sed 's/ Not After : /fingerprint-expires: "/g' |sed 's/$/"/g'`
+ SHA1=`openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/ejabberd/certs/${DOMAIN}/fullchain.pem |sed 's/SHA1 Fingerprint=/fingerprint-sha1: "/g' |sed 's/$/"/g'`
+ SHA256=`openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/ejabberd/certs/${DOMAIN}/fullchain.pem |sed 's/SHA256 Fingerprint=/fingerprint-sha256: "/g' |sed 's/$/"/g'`
+ else
+ EXPIRES='fingerprint-expires: "No Key Found"'
+ SHA1='fingerprint-sha1: "No Key Found"'
+ SHA256='fingerprint-sha256: "No Key Found"'
+ fi
+ fi
+ fi
+ sed -i "/fingerprint-expires/c$EXPIRES" ${CONFIG}
+ sed -i "/fingerprint-sha1/c$SHA1" ${CONFIG}
+ sed -i "/fingerprint-sha256/c$SHA256" ${CONFIG}
+
+ ###
+ ### The IM Cert Tests
+ ###
+ if [ -f /etc/letsencrypt/live/im.$DOMAIN/fullchain.pem ]; then
+ IMEXPIRES=`openssl x509 -noout -text -in /etc/letsencrypt/live/im.$DOMAIN/fullchain.pem |grep "Not After : " |sed 's/ Not After : /fingerprint-im-expires: "/g' |sed 's/$/"/g'`
+ SHA1IM=`openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/letsencrypt/live/im.$DOMAIN/fullchain.pem |sed 's/SHA1 Fingerprint=/fingerprint-im-sha1: "/g' |sed 's/$/"/g'`
+ SHA256IM=`openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/letsencrypt/live/im.$DOMAIN/fullchain.pem |sed 's/SHA256 Fingerprint=/fingerprint-im-sha256: "/g' |sed 's/$/"/g'`
+ else
+ if [ -f /etc/letsencrypt/live/$DOMAINFL/fullchain.pem ]; then
+ IMEXPIRES=`openssl x509 -noout -text -in /etc/letsencrypt/live/$DOMAINFL/fullchain.pem |grep "Not After : " |sed 's/ Not After : /fingerprint-im-expires: "/g' |sed 's/$/"/g'`
+ SHA1IM=`openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/letsencrypt/live/$DOMAINFL/fullchain.pem |sed 's/SHA1 Fingerprint=/fingerprint-im-sha1: "/g' |sed 's/$/"/g'`
+ SHA256IM=`openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/letsencrypt/live/$DOMAINFL/fullchain.pem |sed 's/SHA256 Fingerprint=/fingerprint-im-sha256: "/g' |sed 's/$/"/g'`
+ else
+ if [ -f /etc/ejabberd/certs/im.${DOMAIN}/fullchain.pem ]; then
+ IMEXPIRES=`openssl x509 -noout -text -in /etc/ejabberd/certs/im.${DOMAIN}/fullchain.pem |grep "Not After : " |sed 's/ Not After : /fingerprint-im-expires: "/g' |sed 's/$/"/g'`
+ SHA1IM=`openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/ejabberd/certs/im.${DOMAIN}/fullchain.pem |sed 's/SHA1 Fingerprint=/fingerprint-im-sha1: "/g' |sed 's/$/"/g'`
+ SHA256IM=`openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/ejabberd/certs/im.${DOMAIN}/fullchain.pem |sed 's/SHA256 Fingerprint=/fingerprint-im-sha256: "/g' |sed 's/$/"/g'`
+ else
+ IMEXPIRES='fingerprint-im-expires: "No Key Found"'
+ SHA1IM='fingerprint-im-sha1: "No Key Found"'
+ SHA256IM='fingerprint-im-sha256: "No Key Found"'
+ fi
+ fi
+ fi
+ sed -i "/fingerprint-im-expires/c$IMEXPIRES" ${CONFIG}
+ sed -i "/fingerprint-im-sha1/c$SHA1IM" ${CONFIG}
+ sed -i "/fingerprint-im-sha256/c$SHA256IM" ${CONFIG}
+
+ ###
+ ### The Conference Cert Tests
+ ###
+ if [ -f /etc/letsencrypt/live/conference.$DOMAIN/fullchain.pem ]; then
+ CONFERENCEEXPIRES=`openssl x509 -noout -text -in /etc/letsencrypt/live/conference.$DOMAIN/fullchain.pem |grep "Not After : " |sed 's/ Not After : /fingerprint-conference-expires: "/g' |sed 's/$/"/g'`
+ SHA1CONFERENCE=`openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/letsencrypt/live/conference.$DOMAIN/fullchain.pem |sed 's/SHA1 Fingerprint=/fingerprint-conference-sha1: "/g' |sed 's/$/"/g'`
+ SHA256CONFERENCE=`openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/letsencrypt/live/conference.$DOMAIN/fullchain.pem |sed 's/SHA256 Fingerprint=/fingerprint-conference-sha256: "/g' |sed 's/$/"/g'`
+ else
+ if [ -f /etc/letsencrypt/live/$DOMAINFL/fullchain.pem ]; then
+ CONFERENCEEXPIRES=`openssl x509 -noout -text -in /etc/letsencrypt/live/$DOMAINFL/fullchain.pem |grep "Not After : " |sed 's/ Not After : /fingerprint-conference-expires: "/g' |sed 's/$/"/g'`
+ SHA1CONFERENCE=`openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/letsencrypt/live/$DOMAINFL/fullchain.pem |sed 's/SHA1 Fingerprint=/fingerprint-conference-sha1: "/g' |sed 's/$/"/g'`
+ SHA256CONFERENCE=`openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/letsencrypt/live/$DOMAINFL/fullchain.pem |sed 's/SHA256 Fingerprint=/fingerprint-conference-sha256: "/g' |sed 's/$/"/g'`
+ else
+ if [ -f /etc/ejabberd/certs/im.${DOMAIN}/fullchain.pem ]; then
+ CONFERENCEEXPIRES=`openssl x509 -noout -text -in /etc/ejabberd/certs/im.$DOMAIN/fullchain.pem |grep "Not After : " |sed 's/ Not After : /fingerprint-conference-expires: "/g' |sed 's/$/"/g'`
+ SHA1CONFERENCE=`openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/ejabberd/certs/im.$DOMAIN/fullchain.pem |sed 's/SHA1 Fingerprint=/fingerprint-conference-sha1: "/g' |sed 's/$/"/g'`
+ SHA256CONFERENCE=`openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/ejabberd/certs/im.$DOMAIN/fullchain.pem |sed 's/SHA256 Fingerprint=/fingerprint-conference-sha256: "/g' |sed 's/$/"/g'`
+ else
+ CONFERENCEEXPIRES='fingerprint-conference-expires: "No Key Found"'
+ SHA1CONFERENCE='fingerprint-conference-sha1: "No Key Found"'
+ SHA256CONFERENCE='fingerprint-conference-sha256: "No Key Found"'
+ fi
+ fi
+ fi
+ sed -i "/fingerprint-conference-expires/c$CONFERENCEEXPIRES" ${CONFIG}
+ sed -i "/fingerprint-conference-sha1/c$SHA1CONFERENCE" ${CONFIG}
+ sed -i "/fingerprint-conference-sha256/c$SHA256CONFERENCE" ${CONFIG}
+
+ ###
+ ### The Proxy Cert Tests
+ ###
+ if [ -f /etc/letsencrypt/live/proxy.$DOMAIN/fullchain.pem ]; then
+ PROXYEXPIRES=`openssl x509 -noout -text -in /etc/letsencrypt/live/proxy.$DOMAIN/fullchain.pem |grep "Not After : " |sed 's/ Not After : /fingerprint-proxy-expires: "/g' |sed 's/$/"/g'`
+ SHA1PROXY=`openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/letsencrypt/live/proxy.$DOMAIN/fullchain.pem |sed 's/SHA1 Fingerprint=/fingerprint-proxy-sha1: "/g' |sed 's/$/"/g'`
+ SHA256PROXY=`openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/letsencrypt/live/proxy.$DOMAIN/fullchain.pem |sed 's/SHA256 Fingerprint=/fingerprint-proxy-sha256: "/g' |sed 's/$/"/g'`
+ else
+ if [ -f /etc/letsencrypt/live/im.${DOMAIN}/fullchain.pem ]; then
+ PROXYEXPIRES=`openssl x509 -noout -text -in /etc/letsencrypt/live/im.${DOMAIN}/fullchain.pem |grep "Not After : " |sed 's/ Not After : /fingerprint-proxy-expires: "/g' |sed 's/$/"/g'`
+ SHA1PROXY=`openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/letsencrypt/live/im.${DOMAIN}/fullchain.pem |sed 's/SHA1 Fingerprint=/fingerprint-proxy-sha1: "/g' |sed 's/$/"/g'`
+ SHA256PROXY=`openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/letsencrypt/live/im.${DOMAIN}/fullchain.pem |sed 's/SHA256 Fingerprint=/fingerprint-proxy-sha256: "/g' |sed 's/$/"/g'`
+ else
+ if [ -f /etc/ejabberd/certs/im.${DOMAIN}/fullchain.pem ]; then
+ PROXYEXPIRES=`openssl x509 -noout -text -in /etc/ejabberd/certs/im.$DOMAIN/fullchain.pem |grep "Not After : " |sed 's/ Not After : /fingerprint-proxy-expires: "/g' |sed 's/$/"/g'`
+ SHA1PROXY=`openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/ejabberd/certs/im.$DOMAIN/fullchain.pem |sed 's/SHA1 Fingerprint=/fingerprint-proxy-sha1: "/g' |sed 's/$/"/g'`
+ SHA256PROXY=`openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/ejabberd/certs/im.$DOMAIN/fullchain.pem |sed 's/SHA256 Fingerprint=/fingerprint-proxy-sha256: "/g' |sed 's/$/"/g'`
+ else
+ PROXYEXPIRES='fingerprint-proxy-expires: "No Key Found"'
+ SHA1PROXY='fingerprint-proxy-sha1: "No Key Found"'
+ SHA256PROXY='fingerprint-proxy-sha256: "No Key Found"'
+ fi
+ fi
+ fi
+ sed -i "/fingerprint-proxy-expires/c$PROXYEXPIRES" ${CONFIG}
+ sed -i "/fingerprint-proxy-sha1/c$SHA1PROXY" ${CONFIG}
+ sed -i "/fingerprint-proxy-sha256/c$SHA256PROXY" ${CONFIG}
+
+ ###
+ ### The Upload Cert Tests
+ ###
+ if [ -f /etc/letsencrypt/live/upload.$DOMAIN/fullchain.pem ]; then
+ UPLOADEXPIRES=`openssl x509 -noout -text -in /etc/letsencrypt/live/upload.$DOMAIN/fullchain.pem |grep "Not After : " |sed 's/ Not After : /fingerprint-upload-expires: "/g' |sed 's/$/"/g'`
+ SHA1UPLOAD=`openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/letsencrypt/live/upload.$DOMAIN/fullchain.pem |sed 's/SHA1 Fingerprint=/fingerprint-upload-sha1: "/g' |sed 's/$/"/g'`
+ SHA256UPLOAD=`openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/letsencrypt/live/upload.$DOMAIN/fullchain.pem |sed 's/SHA256 Fingerprint=/fingerprint-upload-sha256: "/g' |sed 's/$/"/g'`
+ else
+ if [ -f /etc/letsencrypt/live/$DOMAINFL/fullchain.pem ]; then
+ UPLOADEXPIRES=`openssl x509 -noout -text -in /etc/letsencrypt/live/$DOMAINFL/fullchain.pem |grep "Not After : " |sed 's/ Not After : /fingerprint-upload-expires: "/g' |sed 's/$/"/g'`
+ SHA1UPLOAD=`openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/letsencrypt/live/$DOMAINFL/fullchain.pem |sed 's/SHA1 Fingerprint=/fingerprint-upload-sha1: "/g' |sed 's/$/"/g'`
+ SHA256UPLOAD=`openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/letsencrypt/live/$DOMAINFL/fullchain.pem |sed 's/SHA256 Fingerprint=/fingerprint-upload-sha256: "/g' |sed 's/$/"/g'`
+ else
+ if [ -f /etc/ejabberd/certs/im.${DOMAIN}/fullchain.pem ]; then
+ UPLOADEXPIRES=`openssl x509 -noout -text -in /etc/ejabberd/certs/im.$DOMAIN/fullchain.pem |grep "Not After : " |sed 's/ Not After : /fingerprint-upload-expires: "/g' |sed 's/$/"/g'`
+ SHA1UPLOAD=`openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/ejabberd/certs/im.$DOMAIN/fullchain.pem |sed 's/SHA1 Fingerprint=/fingerprint-upload-sha1: "/g' |sed 's/$/"/g'`
+ SHA256UPLOAD=`openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/ejabberd/certs/im.$DOMAIN/fullchain.pem |sed 's/SHA256 Fingerprint=/fingerprint-upload-sha256: "/g' |sed 's/$/"/g'`
+ else
+ UPLOADEXPIRES='fingerprint-upload-expires: "No Key Found"'
+ SHA1UPLOAD='fingerprint-upload-sha1: "No Key Found"'
+ SHA256UPLOAD='fingerprint-upload-sha256: "No Key Found"'
+ fi
+ fi
+ fi
+ sed -i "/fingerprint-upload-expires/c$UPLOADEXPIRES" ${CONFIG}
+ sed -i "/fingerprint-upload-sha1/c$SHA1UPLOAD" ${CONFIG}
+ sed -i "/fingerprint-upload-sha256/c$SHA256UPLOAD" ${CONFIG}
+#done |
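Review bot: In the primary-cert section the outer `else` re-tests the same path, `/etc/ejabberd/certs/${DOMAIN}/fullchain.pem`, so that branch can never succeed and `EXPIRES`, `SHA1` and `SHA256` stay unset when the file is missing; the following `sed -i "/fingerprint-expires/c$EXPIRES"` then has no replacement text and the previously published fingerprint is likely left in `current-config.yml`. Since readers presumably compare these values against the live certificate, the missing-file case should set the same `"No Key Found"` strings the other four sections use. `DOMAIN="$1"` is also used unvalidated and unquoted: an empty argument makes `grep "DNS:$DOMAIN"` match any SAN, and the dots act as regex wildcards with no end anchor, so `DOMAIN="${1:?domain required}"` plus a fixed-string, whole-name comparison would be tighter. The `cd` at the top is unchecked, so on failure the `sed -i` calls would edit whatever `current-config.yml` sits in the caller's directory; `cd /var/src/xmpp-site/sites/lite/ || exit 1` avoids that.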