fabiomontefuscolo · September 5, 2017 12:19
diff --git a/update-openfire.sh b/update-openfire.sh
 #!/bin/bash

 #
 # @author https://github.com/guusdk
 #

 # Checks for a known location where Let's Encrypt keys/certificates will be spontaneously exist.
 # When files are detected, they're used to generate a new keystore, which is then used
 # to replace the Openfire keystore.
 set -e

 PRIVKEY=/etc/letsencrypt/live/ourdomain/privkey.pem
 CHAIN=/etc/letsencrypt/live/ourdomain/fullchain.pem
 OPENFIRESTORE=/opt/openfire/resources/security/keystore
 PASSWORD=changeit

 # No changes needed below.
 PKCS12ARCHIVE=/tmp/keystore.p12
 TMPKEYSTORE=/tmp/keystore

 if [[ -f $PRIVKEY && -f $CHAIN ]]
 then

  # Remove leftovers from last iteration.
  if [[ -f $PKCS12ARCHIVE ]]
  then
    rm $PKCS12ARCHIVE
  fi

  if [[ -f $TMPKEYSTORE ]]
  then
    rm $TMPKEYSTORE
  fi

  # Import Let's Encrypt data in PKCS12 archive.
  openssl pkcs12 \
    -export \
    -out $PKCS12ARCHIVE \
    -inkey $PRIVKEY \
    -in $CHAIN \
    -password pass:$PASSWORD

  # Remove Let's Encrypt source data to prevent another execution.
  rm $PRIVKEY && rm $CHAIN

  # Create new Java keystore based on PKCS12 archive.
  keytool -importkeystore \
    -destkeystore $TMPKEYSTORE \
    -deststorepass $PASSWORD \
    -srcstoretype PKCS12 \
    -srcstorepass $PASSWORD \
    -srckeystore $PKCS12ARCHIVE

  # Set owner for new file
  chown daemon:daemon $TMPKEYSTORE

  # Backup old Openfire keystore.
  cp $OPENFIRESTORE $OPENFIRESTORE-backup-$(date +%s)

  # Move new store in place.
  mv $TMPKEYSTORE $OPENFIRESTORE
 fi
	#!/bin/bash

	#
	# @author https://github.com/guusdk
	#

	# Checks for a known location where Let's Encrypt keys/certificates will be spontaneously exist.
	# When files are detected, they're used to generate a new keystore, which is then used
	# to replace the Openfire keystore.
	set -e

	PRIVKEY=/etc/letsencrypt/live/ourdomain/privkey.pem
	CHAIN=/etc/letsencrypt/live/ourdomain/fullchain.pem
	OPENFIRESTORE=/opt/openfire/resources/security/keystore
	PASSWORD=changeit

	# No changes needed below.
	PKCS12ARCHIVE=/tmp/keystore.p12
	TMPKEYSTORE=/tmp/keystore

	if [[ -f $PRIVKEY && -f $CHAIN ]]
	then

	# Remove leftovers from last iteration.
	if [[ -f $PKCS12ARCHIVE ]]
	then
	rm $PKCS12ARCHIVE
	fi

	if [[ -f $TMPKEYSTORE ]]
	then
	rm $TMPKEYSTORE
	fi

	# Import Let's Encrypt data in PKCS12 archive.
	openssl pkcs12 \
	-export \
	-out $PKCS12ARCHIVE \
	-inkey $PRIVKEY \
	-in $CHAIN \
	-password pass:$PASSWORD

	# Remove Let's Encrypt source data to prevent another execution.
	rm $PRIVKEY && rm $CHAIN

	# Create new Java keystore based on PKCS12 archive.
	keytool -importkeystore \
	-destkeystore $TMPKEYSTORE \
	-deststorepass $PASSWORD \
	-srcstoretype PKCS12 \
	-srcstorepass $PASSWORD \
	-srckeystore $PKCS12ARCHIVE

	# Set owner for new file
	chown daemon:daemon $TMPKEYSTORE

	# Backup old Openfire keystore.
	cp $OPENFIRESTORE $OPENFIRESTORE-backup-$(date +%s)

	# Move new store in place.
	mv $TMPKEYSTORE $OPENFIRESTORE
	fi