#!/bin/bash reverse_fqdn_cert_id="${1:?}" # Prep dirs mkdir -v -p '/etc/pki/tls/certs/quico-ops/'{'user/'{'nginx','znc'}}'/'"${reverse_fqdn_cert_id}" chown -v -R 'znc:znc' '/etc/pki/tls/certs/quico-ops/user/znc' chmod -v -R 'u=rwX,go=' '/etc/pki/tls/certs/quico-ops/user/znc' chown -v -R 'nginx:nginx' '/etc/pki/tls/certs/quico-ops/user/nginx' chmod -v -R 'u=rwX,go=' '/etc/pki/tls/certs/quico-ops/user/nginx' # Prep ZNC rsync -av '/etc/pki/tls/certs/quico-ops/system/'"${reverse_fqdn_cert_id}"'/' '/etc/pki/tls/certs/quico-ops/user/znc/'"${reverse_fqdn_cert_id}"'/' cat '/etc/pki/tls/certs/quico-ops/user/znc/'"${reverse_fqdn_cert_id}"'/'{''"${reverse_fqdn_cert_id}"'.key','fullchain.cer'} > '/etc/pki/tls/certs/quico-ops/user/znc/'"${reverse_fqdn_cert_id}"'/znc.pem' chown -v -R 'znc:znc' '/etc/pki/tls/certs/quico-ops/user/znc' chmod -v -R 'u=rwX,go=' '/etc/pki/tls/certs/quico-ops/user/znc' # Prep Nginx rsync -av '/etc/pki/tls/certs/quico-ops/system/'"${reverse_fqdn_cert_id}"'/' '/etc/pki/tls/certs/quico-ops/user/nginx/'"${reverse_fqdn_cert_id}"'/' chown -v -R 'nginx:nginx' '/etc/pki/tls/certs/quico-ops/user/nginx' chmod -v -R 'u=rwX,go=' '/etc/pki/tls/certs/quico-ops/user/nginx' # Reload Nginx if active. ZNC on the other hand always delivers newest cert. # We don't have to care if ZNC is running. if systemctl --quiet is-active nginx.service; then nginx -t && nginx -s reload fi