|
1 | 1 | #!/bin/bash |
2 | | -# info: update hosts certificates for exim, dovecot & hestia-nginx |
3 | | -# options: user |
4 | | -# options: hostname |
| 2 | +# info: update host certificate for hestia |
| 3 | +# options: USER HOSTNAME |
5 | 4 | # |
6 | 5 | # Function updates certificates for hestia |
7 | 6 |
|
|
12 | 11 |
|
13 | 12 | whoami=$(whoami) |
14 | 13 | if [ "$whoami" != "root" ] && [ "$whoami" != "admin" ] ; then |
15 | | - echo "You must be root or admin to execute this script"; |
| 14 | + echo "Error: this script must be run as root or admin."; |
16 | 15 | exit 1; |
17 | 16 | fi |
18 | 17 |
|
@@ -40,8 +39,8 @@ is_object_unsuspended 'user' 'USER' "$user" |
40 | 39 | is_object_valid 'web' 'DOMAIN' "$hostname" |
41 | 40 | is_object_unsuspended 'web' 'DOMAIN' "$hostname" |
42 | 41 |
|
43 | | -if [ ! -f "/home/$user/conf/web/$hostname/ssl.$hostname.pem" ]; then |
44 | | - echo "This domain does not have certificate"; |
| 42 | +if [ ! -f "/home/$user/conf/web/$hostname/ssl/$hostname.pem" ]; then |
| 43 | + echo "Error: domain $hostname does not have an SSL certificate."; |
45 | 44 | exit 1; |
46 | 45 | fi |
47 | 46 |
|
|
53 | 52 | backup_datetime=`date '+%Y-%m-%d_%H-%M-%S'` |
54 | 53 |
|
55 | 54 | # Copy hostnames certificates from user dir |
56 | | -cp /home/$user/conf/web/$hostname/$hostname.pem $HESTIA/ssl/certificate.crt |
57 | | -cp /home/$user/conf/web/$hostname/$hostname.key $HESTIA/ssl/certificate.key |
58 | | - |
59 | | -# Checking exim username for later chowning |
60 | | -exim_user="exim"; |
61 | | -check_exim_username=$(grep -c '^Debian-exim:' /etc/passwd) |
62 | | -if [ "$check_exim_username" -eq 1 ]; then |
63 | | - exim_user="Debian-exim" |
| 55 | +cp /home/$user/conf/web/$hostname/ssl/$hostname.pem $HESTIA/ssl/certificate.crt |
| 56 | +cp /home/$user/conf/web/$hostname/ssl/$hostname.key $HESTIA/ssl/certificate.key |
| 57 | + |
| 58 | +# Enable fallback support for mail domains that do not support SSL |
| 59 | +if [[ "$MAIL_SYSTEM" =~ exim ]]; then |
| 60 | + # Checking exim username for later chowning |
| 61 | + exim_user="exim"; |
| 62 | + check_exim_username=$(grep -c '^Debian-exim:' /etc/passwd) |
| 63 | + if [ "$check_exim_username" -eq 1 ]; then |
| 64 | + exim_user="Debian-exim" |
| 65 | + fi |
| 66 | + |
| 67 | + # Assign exim permissions to certificate |
| 68 | + chown $exim_user:mail $HESTIA/ssl/certificate.crt |
| 69 | + chown $exim_user:mail $HESTIA/ssl/certificate.key |
64 | 70 | fi |
65 | 71 |
|
66 | | -# Assign exim permissions |
67 | | -chown $exim_user:mail $HESTIA/ssl/certificate.crt |
68 | | -chown $exim_user:mail $HESTIA/ssl/certificate.key |
69 | | - |
70 | | -# Restart exim, dovecot & hestia |
71 | | -$BIN/v-restart-mail |
72 | | -if [ ! -z "$IMAP_SYSTEM" ]; then |
73 | | - $BIN/v-restart-service "$IMAP_SYSTEM" |
74 | | -fi |
75 | | -if [ ! -z "$FTP_SYSTEM" ]; then |
76 | | - $BIN/v-restart-service "$FTP_SYSTEM" |
77 | | -fi |
78 | | -if [ -f "/var/run/hestia-nginx.pid" ]; then |
79 | | - kill -HUP $(cat /var/run/hestia-nginx.pid) |
| 72 | +# Restart services |
| 73 | +$BIN/v-restart-web |
| 74 | +$BIN/v-restart-proxy |
| 75 | +if [ ! -z "$MAIL_SYSTEM" ]; then |
| 76 | + # Restart exim (and dovecot if applicable) |
| 77 | + $BIN/v-restart-mail |
| 78 | + if [ ! -z "$IMAP_SYSTEM" ]; then |
| 79 | + $BIN/v-restart-service "$IMAP_SYSTEM" |
| 80 | + fi |
80 | 81 | fi |
| 82 | +$BIN/v-restart-service "hestia" |
81 | 83 |
|
82 | 84 | #----------------------------------------------------------# |
83 | 85 | # Hestia # |
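Review bot: The existence check at new line 42 covers only `ssl/$hostname.pem`, yet new lines 55–56 copy both the `.pem` and the `.key` without checking either `cp`. A missing or unreadable key would leave `$HESTIA/ssl` holding the new certificate next to whatever key was there before, and the restarts at new lines 73–82 would then run against a mismatched pair. I would test both files in the guard and stop on a failed copy, e.g. `cp "/home/$user/conf/web/$hostname/ssl/$hostname.key" "$HESTIA/ssl/certificate.key" || exit 1`, which also quotes the expansions. Separately, the private key's owner is now set only inside the `exim` branch (new lines 68–69) and no `chmod` appears in the visible lines, so on a host without exim the key keeps whatever owner and mode `cp` leaves. If nothing later in the file (not shown here) fixes that, set both explicitly right after the copy.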
|