2017-02-22 13:33:53 +01:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
RETVAL=
|
|
|
|
|
|
|
|
# Add the CA certificate if it's not already present
|
|
|
|
keytool -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ java_keyring_letsencrypt_trusted_ca }}
|
|
|
|
RETVAL=$?
|
|
|
|
|
|
|
|
if [ $RETVAL -ne 0 ] ; then
|
|
|
|
keytool -trustcacerts -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt -importcert -alias {{ java_keyring_letsencrypt_trusted_ca }} -dname "CN={{ ansible_fqdn }}" -file {{ letsencrypt_acme_certs_dir }}/chain
|
|
|
|
fi
|
|
|
|
# Remove the old certificate
|
|
|
|
keytool -storepass {{ java_keyring_pwd }} -keystore {{ java_keyring_file }} -delete -alias {{ ansible_fqdn }}
|
|
|
|
|
|
|
|
# Check if the old certificate is still present. If so, we have a problem. Otherwise, import the new one
|
|
|
|
keytool -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ ansible_fqdn }}
|
|
|
|
RETVAL=$?
|
|
|
|
if [ $RETVAL -ne 0 ] ; then
|
|
|
|
openssl pkcs12 -export -in {{ letsencrypt_acme_certs_dir }}/cert -inkey {{ letsencrypt_acme_certs_dir }}/privkey -CAfile {{ letsencrypt_acme_certs_dir }}/chain -name "{{ ansible_fqdn }}" -out /var/tmp/{{ ansible_fqdn }}.p12 -password pass:{{ java_keyring_pwd }}
|
|
|
|
keytool -importkeystore -srcstorepass {{ java_keyring_pwd }} -deststorepass {{ java_keyring_pwd }} -destkeystore {{ java_keyring_file }} -srckeystore /var/tmp/{{ ansible_fqdn }}.p12 -srcstoretype PKCS12
|
|
|
|
rm -f /var/tmp/{{ ansible_fqdn }}.p12
|
|
|
|
else
|
|
|
|
logger "orientdb letsencrypt hook: the old certificate is still present inside the keystore, aborting."
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
chmod 440 {{ java_keyring_file }}
|
|
|
|
chgrp {{ orientdb_user }} {{ java_keyring_file }}
|
2017-06-22 16:31:27 +02:00
|
|
|
logger "orientdb letsencrypt hook: shut down orientdb."
|
2017-02-22 13:33:53 +01:00
|
|
|
/etc/init.d/orientdb stop
|
2017-06-22 16:31:27 +02:00
|
|
|
sleep 30
|
2017-02-22 13:33:53 +01:00
|
|
|
/etc/init.d/orientdb start
|
2017-06-22 16:31:27 +02:00
|
|
|
logger "orientdb letsencrypt hook: start orientdb."
|
2017-02-22 13:33:53 +01:00
|
|
|
logger "orientdb letsencrypt hook: the keystore has been updated with the renewed certificate."
|
|
|
|
|
|
|
|
exit 0
|