|
|
|
@ -12,16 +12,21 @@
|
|
|
|
|
# Place this script in /etc/letsencrypt/renewal-hooks/deploy/ and make it
|
|
|
|
|
# executable after editing it to your needs.
|
|
|
|
|
|
|
|
|
|
if [ ${RENEWED_DOMAINS} = "my-mosquitto-domain" ]; then
|
|
|
|
|
# Set which domain this script will be run for
|
|
|
|
|
MY_DOMAIN="example.com"
|
|
|
|
|
# Set the directory that the certificates will be copied to.
|
|
|
|
|
CERTIFICATE_DIR=/etc/mosquitto/certs
|
|
|
|
|
|
|
|
|
|
if [ ${RENEWED_DOMAINS} = ${MY_DOMAIN} ]; then
|
|
|
|
|
# Copy new certificate to Mosquitto directory
|
|
|
|
|
cp ${RENEWED_LINEAGE}/fullchain.pem /etc/mosquitto/certs/server.pem
|
|
|
|
|
cp ${RENEWED_LINEAGE}/privkey.pem /etc/mosquitto/certs/server.key
|
|
|
|
|
cp ${RENEWED_LINEAGE}/fullchain.pem ${CERTIFICATE_DIR}/server.pem
|
|
|
|
|
cp ${RENEWED_LINEAGE}/privkey.pem ${CERTIFICATE_DIR}/server.key
|
|
|
|
|
|
|
|
|
|
# Set ownership to Mosquitto
|
|
|
|
|
chown mosquitto: /etc/mosquitto/certs/server.pem /etc/mosquitto/certs/server.key
|
|
|
|
|
chown mosquitto: ${CERTIFICATE_DIR}/server.pem ${CERTIFICATE_DIR}/server.key
|
|
|
|
|
|
|
|
|
|
# Ensure permissions are restrictive
|
|
|
|
|
chmod 0600 /etc/mosquitto/certs/server.pem /etc/mosquitto/certs/server.key
|
|
|
|
|
chmod 0600 ${CERTIFICATE_DIR}/server.pem ${CERTIFICATE_DIR}/server.key
|
|
|
|
|
|
|
|
|
|
# Tell Mosquitto to reload certificates and configuration
|
|
|
|
|
pkill -HUP -x mosquitto
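Review bot: The new test `if [ ${RENEWED_DOMAINS} = ${MY_DOMAIN} ]; then` leaves both expansions unquoted, and certbot documents RENEWED_DOMAINS as a space-separated list of names. A certificate covering more than one name therefore makes `[` fail with "too many arguments", so the hook skips the copy and Mosquitto keeps serving the old certificate until it expires. A membership guard in place of the `if`, such as `case " ${RENEWED_DOMAINS} " in *" ${MY_DOMAIN} "*) ;; *) exit 0 ;; esac`, handles single and multi-name certificates without word splitting or globbing on wildcard names. The `cp`, `chown` and `chmod` lines also expand `${RENEWED_LINEAGE}` and `${CERTIFICATE_DIR}` unquoted and check no exit status, so `pkill -HUP` is sent even when copying the private key failed; quoting them and adding `set -e` near the top (or `|| exit 1` on each command) would make a failed deploy visible. The `if` opened here closes outside the hunk.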
|
|
|
|
|