Revisions
fabiomontefuscolo created this gist
Sep 5, 2017
@@ -0,0 +1,62 @@ #!/bin/bash # # @author https://github.com/guusdk # # Checks for a known location where Let's Encrypt keys/certificates will be spontaneously exist. # When files are detected, they're used to generate a new keystore, which is then used # to replace the Openfire keystore. set -e PRIVKEY=/etc/letsencrypt/live/ourdomain/privkey.pem CHAIN=/etc/letsencrypt/live/ourdomain/fullchain.pem OPENFIRESTORE=/opt/openfire/resources/security/keystore PASSWORD=changeit # No changes needed below. PKCS12ARCHIVE=/tmp/keystore.p12 TMPKEYSTORE=/tmp/keystore if [[ -f $PRIVKEY && -f $CHAIN ]] then # Remove leftovers from last iteration. if [[ -f $PKCS12ARCHIVE ]] then rm $PKCS12ARCHIVE fi if [[ -f $TMPKEYSTORE ]] then rm $TMPKEYSTORE fi # Import Let's Encrypt data in PKCS12 archive. openssl pkcs12 \ -export \ -out $PKCS12ARCHIVE \ -inkey $PRIVKEY \ -in $CHAIN \ -password pass:$PASSWORD # Remove Let's Encrypt source data to prevent another execution. rm $PRIVKEY && rm $CHAIN # Create new Java keystore based on PKCS12 archive. keytool -importkeystore \ -destkeystore $TMPKEYSTORE \ -deststorepass $PASSWORD \ -srcstoretype PKCS12 \ -srcstorepass $PASSWORD \ -srckeystore $PKCS12ARCHIVE # Set owner for new file chown daemon:daemon $TMPKEYSTORE # Backup old Openfire keystore. cp $OPENFIRESTORE $OPENFIRESTORE-backup-$(date +%s) # Move new store in place. mv $TMPKEYSTORE $OPENFIRESTORE fi
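Review bot: PKCS12ARCHIVE=/tmp/keystore.p12 and TMPKEYSTORE=/tmp/keystore write the private key to fixed, predictable paths in a shared, world-writable directory, and the script neither sets a umask nor removes the PKCS12 archive after the import, so a copy of the key stays in /tmp until the next run clears it. Suggest creating a private working directory (for example with mktemp -d under umask 077) and removing it in a trap on EXIT. The step `rm $PRIVKEY && rm $CHAIN` runs before keytool, so under set -e a failed keytool import leaves the source files deleted with no new keystore in place; move the removal to after the final mv. The password is passed as `-password pass:$PASSWORD` and `-deststorepass $PASSWORD`, which exposes it in the process list while the commands run, and PASSWORD=changeit is a well-known default; openssl accepts file: or env: as a password source instead of pass:. The timestamped copies made by `cp $OPENFIRESTORE $OPENFIRESTORE-backup-$(date +%s)` each hold an old private key and are never pruned, and the chown is applied only to the new keystore, so the backups' ownership and mode should be set explicitly. The variable expansions are unquoted throughout and should be quoted.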