F36512
propagate-mail-certificate.sh
Authored By: dereckson
Date: May 21 2016, 14:05 (2016-05-21 14:05:13 UTC+0)
Size: 1 KB
#!/bin/sh

# -------------------------------------------------------------
# Propagate a Let's Encrypt certificate to the mail server
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project:        Nasqueron
# Created:        2016-05-21
# License:        Trivial work, not eligible to copyright
# Dependencies:   OpenSSL
# -------------------------------------------------------------

# -------------------------------------------------------------
# Configuration
# -------------------------------------------------------------

# Relevant paths
LETSENCRYPT_CERT_FOLDER=/data/letsencrypt/etc/live/mail.nasqueron.org-0001
MAILSERVER_CERT_FOLDER=/var/lib/lxc/mailserver/rootfs/etc/ssl/certs
# /tmp is world-writable and the hash file name is predictable; a directory
# writable only by the account running this script protects the recorded hash.
HASH_FOLDER=/tmp

# To identify a unique certificate, we use the following content and path
# for a hash file.
ACTUAL_HASH=$(openssl sha256 "$LETSENCRYPT_CERT_FOLDER/cert.pem")
# The file name is derived from a hash of the folder path string: openssl
# cannot digest a directory, and its output is prefixed with a label, so we
# hash the path on stdin and keep only the last field (the hex digest).
PATH_HASH=$(printf '%s' "$LETSENCRYPT_CERT_FOLDER" | openssl sha256 | awk '{ print $NF }')
HASH_FILE="$HASH_FOLDER/hash-cert-$PATH_HASH"

# -------------------------------------------------------------
# Helper methods
# -------------------------------------------------------------

# Determines if we should propagate a new certificate
# Returns 0 (true) when the certificate must be propagated
should_propagate() {
    if is_cert_hash_changed; then
        return 0
    else
        return 1
    fi
}

# Determines if the certificate has been modified, based on last recorded hash
# Returns 0 (true) when the hash differs or when no hash has been recorded yet
is_cert_hash_changed() {
    EXPECTED_HASH=$(cat "$HASH_FILE" 2>/dev/null)

    if [ "$ACTUAL_HASH" = "$EXPECTED_HASH" ]; then
        return 1
    else
        return 0
    fi
}

# Saves the new certificate hash
save_certificate_hash() {
    echo "$ACTUAL_HASH" > "$HASH_FILE"
}

# -------------------------------------------------------------
# Procedural code
# -------------------------------------------------------------

if should_propagate; then
    # "echo" prints the copy commands instead of running them
    echo cp "$LETSENCRYPT_CERT_FOLDER/fullchain.pem" "$MAILSERVER_CERT_FOLDER/mailserver.crt"
    echo cp "$LETSENCRYPT_CERT_FOLDER/privkey.pem" "$MAILSERVER_CERT_FOLDER/mailserver.key"
    save_certificate_hash
fi
Attached To: P192 propagate-mail-certificate.sh