Import-certs: concat.pem; cert.pem and cert.crt symlinks; restart services
authorSilvio Rhatto <rhatto@riseup.net>
Tue, 18 Oct 2016 14:57:19 +0000 (12:57 -0200)
committerSilvio Rhatto <rhatto@riseup.net>
Tue, 18 Oct 2016 14:57:19 +0000 (12:57 -0200)
share/hydra/import-certs

index 63cb9350e7df52b85879daa81e7bf504ddfb4a1d..74f8d216a0bb0bf9d29b50abb3c87064f65a5762 100755 (executable)
@@ -55,6 +55,8 @@ EOF
   keyringer $HYDRA ls -1 ssl/ | grep crt | while read cert; do
     cert="`basename $cert .asc`"
     priv="`basename $cert .crt`.pem"
+    prefix="`basename $cert .crt`"
+    domain="`facter domain`"
 
     $HYDRA_CONNECT $hostname <<EOF
       sudo touch               /etc/ssl/certs/$cert
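Review bot: `domain="`facter domain`"` on the new line runs facter on the machine running import-certs, not on `$hostname`, so the later `$prefix`/`$domain` comparison uses the local domain; if the target host's domain is meant, it should be queried over `$HYDRA_CONNECT` or passed in explicitly — presumably the former, confirm. The new assignments also keep the backtick-and-unquoted style; `prefix=$(basename "$cert" .crt)` and `domain=$(facter domain)` would be the modern, quote-safe form. The enclosing loop over hosts starts before this hunk and the `while read cert` body continues past it.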
@@ -72,5 +74,31 @@ EOF
     echo "Importing $priv from keyringer to $hostname:/etc/ssl/private..."
     keyringer $HYDRA decrypt ssl/$priv | \
       $HYDRA_CONNECT $hostname "cat - | sudo tee /etc/ssl/private/$priv > /dev/null"
+
+    # Post-processing
+    $HYDRA_CONNECT $hostname <<EOF
+      # Symlinks for the main cert and key
+      if [ "$prefix" == "$domain" ] && [ -e "" ]; then
+        cd /etc/ssl/certs   && sudo ln -s $cert cert.crt
+        cd /etc/ssl/private && sudo ln -s $priv cert.pem
+      fi
+
+      # Concatenated cert
+      cd /etc/ssl/private
+      sudo touch                      $prefix-concat.pem
+      sudo chown root.ssl-cert        $prefix-concat.pem
+      sudo chmod 640                  $prefix-concat.pem
+      sudo cp    /etc/ssl/certs/$cert $prefix-concat.pem
+      sudo cat   $priv | sudo tee -a  $prefix-concat.pem > /dev/null
+
+      # Restart services
+      services="apache2 postfix nginx lighttpd mumble"
+      for service in \$services; do
+        if systemctl list-units | grep active | grep -q $service'.service'; then
+          sudo service $service restart
+        fi
+      done
+EOF
+
   done
 done
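Review bot: Inside the unquoted heredoc `\$services` is escaped for the remote shell but `$service` on the `grep -q` and `sudo service` lines is not, so it is expanded locally before the script is sent — with no local `service` variable the remote loop greps for a bare `.service` (matching any active unit) and runs `sudo service  restart` with an empty name. The two lines should read `if systemctl list-units | grep active | grep -q \$service'.service'; then` and `sudo service \$service restart`. Separately, `[ -e "" ]` in the symlink condition is always false, so the `cert.crt`/`cert.pem` links are never created; it reads like a placeholder for the path to test — presumably `[ ! -e /etc/ssl/certs/cert.crt ]` — and `==` inside `[ ]` is not portable to a POSIX `sh` on the remote host, so `=` is safer. Also `ln -s` without `-f` fails once the links exist, so a second run of the script errors there. The outer `for` loop this hunk closes starts before the hunk.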