jhit · May 20, 2018 10:05
diff --git a/letsencrypt-for-pure-ftpd.sh b/letsencrypt-for-pure-ftpd.sh
 #!/bin/bash

 # letsencrypt-for-pure-ftpd.sh:  compares the ssl certficate/key used by pure-ftpd
 # with the current certificate/key issued by letsencrypt and copy the latter
 # to the former if they differ.

 # this can be run as a cronjob to propogate letsencrypt certificate changes
 # to pure-ftpd

 PUREFTPD_CERT=/etc/ssl/private/pure-ftpd.pem
 LE_DOMAIN=jhit.org
 LE_DIR=/etc/letsencrypt/live/${LE_DOMAIN}
 LE_CA=${LE_DIR}/chain.pem
 LE_CERT=${LE_DIR}/cert.pem
 LE_FULLCHAIN=${LE_DIR}/fullchain.pem
 LE_KEY=${LE_DIR}/privkey.pem

 OPENSSL=`which openssl 2>/dev/null | head -1`

 # Check if letsencrypt has been setup
 if [ ! -f ${LE_CA} -o ! -f ${LE_CERT} -o ! -f ${LE_FULLCHAIN} -o ! -f ${LE_KEY} ]
 then
    echo "Letsencrypt files not found.  You must setup letsencrypt and issue a certificate first." 1>&2
    exit 0
 fi

 # Check openssl binary exists
 if [ ! -f ${OPENSSL} ]
 then
    echo "Cannot find openssl. Exiting." 1>&2
    exit 1
 fi

 # setup_certs() copies/formats the letsencrypt files for pure-ftpd
 function setup_cert() {
    cat ${LE_KEY} ${LE_FULLCHAIN} > ${PUREFTPD_CERT}
    chown root:ssl-cert ${PUREFTPD_CERT}
    chmod 640 ${PUREFTPD_CERT}
 }

 # restart pureftpd if it is running
 function restart_pureftpd_if_running() {
    service pure-ftpd-mysql status 2>/dev/null >/dev/null
    if [ $? -eq 0 ]
    then
        service pure-ftpd-mysql restart >/dev/null
    fi
 }

 # restart postfix if it is running
 function restart_postfix_if_running() {
    service postfix status 2>/dev/null >/dev/null
    if [ $? -eq 0 ]
    then
        service postfix restart >/dev/null
    fi
 }

 # restart dovecot if it is running
 function restart_dovecot_if_running() {
    service dovecot status 2>/dev/null >/dev/null
    if [ $? -eq 0 ]
    then
        service dovecot restart >/dev/null
    fi
 }

 if [ ! -f ${PUREFTPD_CERT} ]
 then
    setup_cert && restart_pureftpd_if_running
 else # check if keys/certificates changed
    le_modulus=`${OPENSSL} rsa -noout -modulus -in ${LE_KEY} | md5sum`
    pureftpd_modulus=`${OPENSSL} rsa -noout -modulus -in ${PUREFTPD_CERT} | md5sum`

    le_serial=`${OPENSSL} x509 -noout -serial -in ${LE_CERT}`
    pureftpd_file_serial=`${OPENSSL} x509 -noout -serial -in ${PUREFTPD_CERT}`
    pureftpd_running_serial=`${OPENSSL} s_client -connect localhost:21 -starttls ftp </dev/null 2>/dev/null | ${OPENSSL} x509 -serial -noout`


    if [ "${le_modulus}" != "${pureftpd_modulus}" -o "${le_serial}" != "${pureftpd_file_serial}" -o "${le_serial}" != "${pureftpd_running_serial}" ]
    then
        setup_cert && restart_pureftpd_if_running && restart_dovecot_if_running && restart_postfix_if_running
    fi
 fi

 exit 0
diff --git a/run on console to install b/run on console to install
 # chmod +x /usr/local/sbin/letsencrypt-for-pure-ftpd.sh
 # echo '25 3 * * *  root  /usr/local/sbin/letsencrypt-for-pure-ftpd.sh' >> /etc/cron.d/letsencrypt-restarts
	#!/bin/bash

	# letsencrypt-for-pure-ftpd.sh: compares the ssl certficate/key used by pure-ftpd
	# with the current certificate/key issued by letsencrypt and copy the latter
	# to the former if they differ.

	# this can be run as a cronjob to propogate letsencrypt certificate changes
	# to pure-ftpd

	PUREFTPD_CERT=/etc/ssl/private/pure-ftpd.pem
	LE_DOMAIN=jhit.org
	LE_DIR=/etc/letsencrypt/live/${LE_DOMAIN}
	LE_CA=${LE_DIR}/chain.pem
	LE_CERT=${LE_DIR}/cert.pem
	LE_FULLCHAIN=${LE_DIR}/fullchain.pem
	LE_KEY=${LE_DIR}/privkey.pem

	OPENSSL=`which openssl 2>/dev/null \| head -1`

	# Check if letsencrypt has been setup
	if [ ! -f ${LE_CA} -o ! -f ${LE_CERT} -o ! -f ${LE_FULLCHAIN} -o ! -f ${LE_KEY} ]
	then
	echo "Letsencrypt files not found. You must setup letsencrypt and issue a certificate first." 1>&2
	exit 0
	fi

	# Check openssl binary exists
	if [ ! -f ${OPENSSL} ]
	then
	echo "Cannot find openssl. Exiting." 1>&2
	exit 1
	fi

	# setup_certs() copies/formats the letsencrypt files for pure-ftpd
	function setup_cert() {
	cat ${LE_KEY} ${LE_FULLCHAIN} > ${PUREFTPD_CERT}
	chown root:ssl-cert ${PUREFTPD_CERT}
	chmod 640 ${PUREFTPD_CERT}
	}

	# restart pureftpd if it is running
	function restart_pureftpd_if_running() {
	service pure-ftpd-mysql status 2>/dev/null >/dev/null
	if [ $? -eq 0 ]
	then
	service pure-ftpd-mysql restart >/dev/null
	fi
	}

	# restart postfix if it is running
	function restart_postfix_if_running() {
	service postfix status 2>/dev/null >/dev/null
	if [ $? -eq 0 ]
	then
	service postfix restart >/dev/null
	fi
	}

	# restart dovecot if it is running
	function restart_dovecot_if_running() {
	service dovecot status 2>/dev/null >/dev/null
	if [ $? -eq 0 ]
	then
	service dovecot restart >/dev/null
	fi
	}

	if [ ! -f ${PUREFTPD_CERT} ]
	then
	setup_cert && restart_pureftpd_if_running
	else # check if keys/certificates changed
	le_modulus=`${OPENSSL} rsa -noout -modulus -in ${LE_KEY} \| md5sum`
	pureftpd_modulus=`${OPENSSL} rsa -noout -modulus -in ${PUREFTPD_CERT} \| md5sum`

	le_serial=`${OPENSSL} x509 -noout -serial -in ${LE_CERT}`
	pureftpd_file_serial=`${OPENSSL} x509 -noout -serial -in ${PUREFTPD_CERT}`
	pureftpd_running_serial=`${OPENSSL} s_client -connect localhost:21 -starttls ftp </dev/null 2>/dev/null \| ${OPENSSL} x509 -serial -noout`


	if [ "${le_modulus}" != "${pureftpd_modulus}" -o "${le_serial}" != "${pureftpd_file_serial}" -o "${le_serial}" != "${pureftpd_running_serial}" ]
	then
	setup_cert && restart_pureftpd_if_running && restart_dovecot_if_running && restart_postfix_if_running
	fi
	fi

	exit 0
	# chmod +x /usr/local/sbin/letsencrypt-for-pure-ftpd.sh
	# echo '25 3 * * * root /usr/local/sbin/letsencrypt-for-pure-ftpd.sh' >> /etc/cron.d/letsencrypt-restarts