Skip to content

Instantly share code, notes, and snippets.

@TehPeGaSuS
Last active July 19, 2023 11:02
Show Gist options
  • Save TehPeGaSuS/3f9b05c33d9488b086473efa58ea6684 to your computer and use it in GitHub Desktop.
Save TehPeGaSuS/3f9b05c33d9488b086473efa58ea6684 to your computer and use it in GitHub Desktop.
Automate Quassel Certificate Renew with Certbot
#!/usr/bin/env sh
# Shell script to manage Quassel certificates with Let's Encrypt and Certbot
##########
# Domain/subdomain of your Quassel installation
##########
qDomain=quassel.domain.tld
##########
# Quassel configdir (usually `/var/lib/quassel' when installed via apt)
##########
qDir=/var/lib/quassel
##########
# User that runs Quassel (default to `quasselcore')
##########
qUser=quasselcore
##########
# Quassel user group (default to `quassel')
##########
qGroup=quassel
##########
# Don't edit anything below unless you know exactly what you're doing.
# If you touch the code below and then complain the script "suddenly stopped working" I'll touch you at night.
##########
case $RENEWED_LINEAGE in
*/"$qDomain")
cp -f -- "$RENEWED_LINEAGE"/fullchain.pem "$RENEWED_LINEAGE"/privkey.pem "$qDir" &&
chown -- "$qUser":"$qGroup" "$qDir"/fullchain.pem "$qDir"/privkey.pem &&
printf "Quassel Certificate Renewed Successfuly\n\n" &&
systemctl reload quasselcore.service
esac
@TehPeGaSuS
Copy link
Author

TehPeGaSuS commented Jan 3, 2021

Quassel Certificate Manager

Editing quasselcore.service

  1. Type systemctl edit quasselcore.service
  2. Add the following lines:
[Service]
ExecStart=
ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} --ssl-cert /var/lib/quassel/fullchain.pem --ssl-key /var/lib/quassel/privkey.pem
ExecReload=
ExecReload=/bin/kill -SIGHUP $MAINPID
  1. Save the file and proceed to the next steps!

Setting up the shell script

  1. Create a folder named scripts inside /etc/letsencrypt with:
    mkdir -p /etc/letsencrypt/scripts
  2. Place this script inside /etc/letsencrypt/scripts and name it quasselcert_manager.sh
  3. Make it executable with:
    chmod +x /etc/letsencrypt/scripts/quasselcert_manager.sh
  4. Request/renew your certificate via Certbot (force the renewal if needed) with:
    certbot -d quassel.domain.tld --deploy-hook /etc/letsencrypt/scripts/quasselcert_manager.sh
    NOTE: You may need to execute the command twice
  5. ENJOY!

NOTE

You may have to restart Quassel (I had) in order to apply the new ExecStart parameters (be sure to do it only AFTER the certificate issuing/renewal, otherwise Quassel will complain about missing files)
To do so, just type systemctl restart quasselcore.service and from now on you should have no issues :D

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment