
@fabiotatsuo
Last active April 24, 2019 03:39
acme-client deploy.sh customize to HAProxy with SSL Termination and multiple domains
#!/bin/sh
# This script copies fullchain.pem and privkey.pem and concatenates them into the combined CRT pem
# Separate domains by whitespace in DOMAIN_LIST
# CRT pem files are stored at /usr/local/etc/haproxy/ssl for HAProxy use; change TARGETDIR if you want a different dir
# ACMEDIR is the location of the files produced by acme-client (/usr/ports/security/acme-client/)
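# Abort on the first failing command and on any unset variable.
set -eu

TODAY=$(date +"%Y%m%d")
DOMAIN_LIST="example.com example1.com"
ACMEDIR="/usr/local/etc/ssl/acme"
TARGETDIR="/usr/local/etc/haproxy/ssl"

# Path of the combined PEM currently being staged; the EXIT trap removes it
# if the script stops before the file is renamed into place.
tmp_pem=""
trap '[ -z "${tmp_pem}" ] || rm -f -- "${tmp_pem}"' EXIT

# DOMAIN_LIST is left unquoted on purpose: one word per domain.
for domain in ${DOMAIN_LIST}; do
  echo "Deploy ${domain}"
  echo "Check if the certificate has changed"
  # cmp -s returns 0 only when both files could be read and are identical.
  # A missing or unreadable source therefore is not mistaken for "unchanged";
  # it falls through to the cp below, which fails and stops the script.
  if [ -f "${TARGETDIR}/certs/${domain}.pem" ] &&
    cmp -s "${ACMEDIR}/${domain}/fullchain.pem" "${TARGETDIR}/certs/${domain}.pem"; then
    continue
  fi

  echo "Copying pem from Acme dir to Target dir"
  if [ -d "${TARGETDIR}/priv" ]; then
    echo "Priv dir exist"
  else
    mkdir -pm700 "${TARGETDIR}/priv"
  fi
  # Copy the key under a restrictive umask so a newly created file is never
  # readable by group/other, not even for the moment before the chmod.
  (
    umask 077
    cp -L "${ACMEDIR}/private/${domain}/privkey.pem" "${TARGETDIR}/priv/${domain}.pem"
  )
  chmod 400 "${TARGETDIR}/priv/${domain}.pem"

  if [ -d "${TARGETDIR}/certs" ]; then
    echo "Certs dir exist"
  else
    mkdir -pm755 "${TARGETDIR}/certs"
  fi
  cp -L "${ACMEDIR}/${domain}/fullchain.pem" "${TARGETDIR}/certs/${domain}.pem"
  chmod 644 "${TARGETDIR}/certs/${domain}.pem"

  echo "Concatanate fullchain.epm and privkey.pem - CRT file"
  # temporary backup dir
  echo "Backup ${domain}.pem if exist"
  [ -d "${TARGETDIR}/backup" ] || mkdir -pm700 "${TARGETDIR}/backup"
  if [ -f "${TARGETDIR}/${domain}.pem" ]; then
    cp -L "${TARGETDIR}/${domain}.pem" "${TARGETDIR}/backup/${domain}.${TODAY}.pem"
  fi

  echo "Creating new CRT for ${domain}.pem"
  # Build the key+chain bundle in a mktemp file inside priv/ and rename it
  # into place once complete. Redirecting instead of piping through tee keeps
  # the private key out of stdout (terminal, cron mail, log capture), and the
  # final path only ever holds a fully written file.
  tmp_pem=$(mktemp "${TARGETDIR}/priv/${domain}.combined.XXXXXX")
  cat "${TARGETDIR}/priv/${domain}.pem" "${TARGETDIR}/certs/${domain}.pem" > "${tmp_pem}"
  chmod 600 "${tmp_pem}"
  mv -f -- "${tmp_pem}" "${TARGETDIR}/${domain}.pem"
  tmp_pem=""

  echo "Restart/-load relevant services"
  #[[ "${domain}" = "example.com" ]] && service haproxy restart
done

# NOTE(review): this runs even when every domain above was skipped as
# unchanged, so each invocation restarts HAProxy.
echo "Restarting HAProxy"
service haproxy restart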