|
@@ -758,17 +758,17 @@ function update_default_domain {
|
758
|
758
|
if [[ $ONION_ONLY == 'no' ]]; then
|
759
|
759
|
if [ -d /etc/prosody ]; then
|
760
|
760
|
if [ -f /etc/mumble-server.ini ]; then
|
761
|
|
- if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
761
|
+ if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
|
762
|
762
|
if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
|
763
|
763
|
sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
|
764
|
764
|
sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
|
765
|
765
|
systemctl restart mumble
|
766
|
766
|
fi
|
767
|
767
|
else
|
768
|
|
- if ! grep -q "${DEFAULT_DOMAIN_NAME}.pem" /etc/mumble-server.ini; then
|
|
768
|
+ if ! grep -q "${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/mumble-server.ini; then
|
769
|
769
|
usermod -a -G ssl-cert mumble-server
|
770
|
|
- sed -i "s|sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini
|
771
|
|
- sed -i "s|sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini
|
|
770
|
+ sed -i "s|sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini
|
|
771
|
+ sed -i "s|sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini
|
772
|
772
|
systemctl restart mumble
|
773
|
773
|
fi
|
774
|
774
|
fi
|
|
@@ -779,37 +779,37 @@ function update_default_domain {
|
779
|
779
|
fi
|
780
|
780
|
cp /etc/ssl/private/xmpp* /etc/prosody/certs
|
781
|
781
|
cp /etc/ssl/certs/xmpp* /etc/prosody/certs
|
782
|
|
- if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
782
|
+ if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
|
783
|
783
|
usermod -a -G ssl-cert prosody
|
784
|
784
|
if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
785
|
|
- sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
785
|
+ sed -i "s|/etc/prosody/certs/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
786
|
786
|
fi
|
787
|
787
|
if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
788
|
|
- sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
788
|
+ sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
789
|
789
|
fi
|
790
|
790
|
|
791
|
791
|
if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/prosody.cfg.lua; then
|
792
|
|
- sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
|
|
792
|
+ sed -i "s|/etc/prosody/certs/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
|
793
|
793
|
fi
|
794
|
794
|
if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then
|
795
|
|
- sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
|
|
795
|
+ sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
|
796
|
796
|
fi
|
797
|
797
|
fi
|
798
|
798
|
|
799
|
799
|
if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
800
|
|
- sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
800
|
+ sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
801
|
801
|
fi
|
802
|
802
|
|
803
|
803
|
if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
804
|
|
- sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
804
|
+ sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
805
|
805
|
fi
|
806
|
806
|
|
807
|
807
|
if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/prosody.cfg.lua; then
|
808
|
|
- sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
|
|
808
|
+ sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
|
809
|
809
|
fi
|
810
|
810
|
|
811
|
811
|
if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/prosody.cfg.lua; then
|
812
|
|
- sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
|
|
812
|
+ sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
|
813
|
813
|
fi
|
814
|
814
|
|
815
|
815
|
chown -R prosody:default /etc/prosody
|
|
@@ -822,15 +822,15 @@ function update_default_domain {
|
822
|
822
|
|
823
|
823
|
if [ -d /home/znc/.znc ]; then
|
824
|
824
|
echo $'znc found'
|
825
|
|
- if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
|
|
825
|
+ if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
|
826
|
826
|
pkill znc
|
827
|
827
|
cat /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key > /home/znc/.znc/znc.pem
|
828
|
828
|
chown znc:znc /home/znc/.znc/znc.pem
|
829
|
829
|
chmod 700 /home/znc/.znc/znc.pem
|
830
|
830
|
|
831
|
|
- sed -i "s|CertFile =.*|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/ngircd/ngircd.conf
|
|
831
|
+ sed -i "s|CertFile =.*|CertFile = /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/ngircd/ngircd.conf
|
832
|
832
|
sed -i "s|DHFile =.*|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" /etc/ngircd/ngircd.conf
|
833
|
|
- sed -i "s|KeyFile =.*|KeyFile = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" /etc/ngircd/ngircd.conf
|
|
833
|
+ sed -i "s|KeyFile =.*|KeyFile = /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem" /etc/ngircd/ngircd.conf
|
834
|
834
|
echo $'irc certificates updated'
|
835
|
835
|
|
836
|
836
|
systemctl restart ngircd
|
|
@@ -841,14 +841,15 @@ function update_default_domain {
|
841
|
841
|
if [ ${#DEFAULT_DOMAIN_NAME} -gt 0 ]; then
|
842
|
842
|
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
843
|
843
|
if [ -d /etc/dovecot ]; then
|
844
|
|
- if ! grep -q "ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/dovecot/conf.d/10-ssl.conf; then
|
845
|
|
- sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
|
846
|
|
- sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
|
|
844
|
+ if ! grep -q "ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/dovecot/conf.d/10-ssl.conf; then
|
|
845
|
+ sed -i "s|#ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
|
|
846
|
+ sed -i "s|ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
|
847
|
847
|
systemctl restart dovecot
|
848
|
848
|
fi
|
849
|
849
|
fi
|
850
|
850
|
|
851
|
851
|
if [ -d /etc/exim4 ]; then
|
|
852
|
+ # Unfortunately there doesn't appear to be any other way than copying certs here
|
852
|
853
|
cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/{fullchain,privkey}.pem /etc/exim4/
|
853
|
854
|
chown root:Debian-exim /etc/exim4/*.pem
|
854
|
855
|
chmod 640 /etc/exim4/*.pem
|