Prosxy-Cert-Updater/README.md
hax 54d2cee822 README.md updated
Signed-off-by: hax <hax@lainlounge.xyz>
2025-01-06 22:48:24 +00:00

Prosxy-Cert-Updater

This script automates the process of synchronizing wildcard SSL certificates from a remote proxy server to a local Prosody server and restarting Prosody to apply the new certificates.

Prerequisites

Ensure the following requirements are met before running the script:

  1. SSH Access: The local machine must have SSH access to the proxy server.
  2. Root Privileges: The script must be executed with sufficient permissions to access and modify certificate files and restart the Prosody service.
  3. Bash Shell: The script is written for the Bash shell.
  4. Systemd: The script assumes Prosody is managed via systemctl.

Script Details

Variables

  • PROXY_SERVER: The SSH connection string for the proxy server (e.g., root@10.64.0.5).
  • REMOTE_CERT_PATH: Path on the proxy server where the certificates are stored.
  • LOCAL_CERT_PATH: Local path where the certificates should be stored.
  • DOMAIN: Domain name for the certificates.

Functions

backup

Creates a backup of the current certificates in the backup folder under the local certificate directory.

fetch_wildcard_certificate

Transfers the wildcard SSL certificates (fullchain.pem and privkey.pem) from the remote proxy server to the local certificate directory.

verify_certificates

Checks if the transferred certificate files exist in the local directory. Exits the script if any files are missing.
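An existence check passes even when only one of the two transfers succeeded and a new fullchain.pem sits next to an old privkey.pem. The following added example is not part of the original script. It shows a stricter check that could run before the reload. The function name verify_cert_pair and its return codes are hypothetical, and it assumes openssl and GNU stat are installed.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not from the original script).
# Usage: verify_cert_pair <fullchain.pem> <privkey.pem> [min_valid_seconds]
# Returns 0 if the pair is safe to load, a distinct non-zero code otherwise.

verify_cert_pair() {
    local cert="$1" key="$2" min_valid="${3:-86400}"
    local cert_pub key_pub mode

    # Both files must exist and be non-empty (catches truncated transfers).
    [ -s "$cert" ] && [ -s "$key" ] \
        || { echo "missing or empty file" >&2; return 1; }

    # The first certificate in fullchain.pem is the leaf; take its public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "cannot parse certificate: $cert" >&2; return 2; }

    # Derive the public key from the private key file.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "cannot parse private key: $key" >&2; return 2; }

    # A mismatch means the two files come from different issuances,
    # for example when only one of the two transfers succeeded.
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "certificate and key do not match" >&2; return 3; }

    # Reject a certificate that is expired or expires within min_valid seconds.
    openssl x509 -in "$cert" -noout -checkend "$min_valid" >/dev/null \
        || { echo "certificate expires too soon" >&2; return 4; }

    # The private key must not be accessible to group or others.
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        [0-7]00) ;;
        *) echo "private key mode $mode is too permissive" >&2; return 5 ;;
    esac
    return 0
}
```

Calling it between the fetch and reload steps and aborting on a non-zero result keeps Prosody running on its current certificates when the new pair is unusable.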

reload_prosody

Reloads the Prosody service to apply the new certificates.

Main Workflow

  1. Create a backup of the existing certificates.
  2. Fetch new certificates from the proxy server.
  3. Verify that the certificates were transferred successfully.
  4. Restart the Prosody service.
  5. Confirm the process is complete.

Usage

  1. Save the script to a file (e.g., sync_certificates.sh).
  2. Make the script executable:
    chmod +x sync_certificates.sh
    
  3. Run the script as root or with sudo:
    sudo ./sync_certificates.sh
    

Logs

The script outputs progress logs for each step, including error messages if any step fails.

Troubleshooting

  • Ensure the scp command is installed and properly configured on both the local and remote machines.
  • Verify the paths to the certificate files on the remote and local machines.
  • Check the journalctl logs if Prosody fails to restart:
    journalctl -u prosody
    

License

This script is provided "as is" without warranty of any kind. Use it at your own risk. The project is licensed under AGPL 3 or newer.


Note: Update the PROXY_SERVER, REMOTE_CERT_PATH, LOCAL_CERT_PATH, and DOMAIN variables in the script as needed to match your environment.