From 2afc3b9e50311ca501dc3d437527892e726bbedb Mon Sep 17 00:00:00 2001
From: Tim Abbott <tabbott@zulipchat.com>
Date: Fri, 10 Nov 2017 10:32:55 -0800
Subject: [PATCH] certbot: Move path to /usr/local/sbin.

[greg: fixed typo bug]
---
 puppet/zulip/files/cron.d/certbot-renew | 2 +-
 scripts/setup/setup-certbot             | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/puppet/zulip/files/cron.d/certbot-renew b/puppet/zulip/files/cron.d/certbot-renew
index 0fd7980a8e..a8fceaa431 100644
--- a/puppet/zulip/files/cron.d/certbot-renew
+++ b/puppet/zulip/files/cron.d/certbot-renew
@@ -3,4 +3,4 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 USER=root
 
 # Cron job to renew certbot twice a day.
-52 0,12 * * * root /root/certbot-auto renew --webroot --webroot-path=/var/www/certbot/ --quiet
+52 0,12 * * * root /usr/local/sbin/certbot-auto renew --webroot --webroot-path=/var/www/certbot/ --quiet
diff --git a/scripts/setup/setup-certbot b/scripts/setup/setup-certbot
index 8c923d6853..3ab46918b1 100755
--- a/scripts/setup/setup-certbot
+++ b/scripts/setup/setup-certbot
@@ -40,12 +40,12 @@ if [ -n "$show_help" ]; then
     usage
 fi
 
+CERTBOT_PATH="/usr/local/sbin/certbot-auto"
 # For reference https://certbot.eff.org/all-instructions/#debian-other-nginx
-# We download to /root as a reasonably safe place with only root having access
-wget https://dl.eff.org/certbot-auto -O /root/certbot-auto
-chmod a+x /root/certbot-auto
+wget https://dl.eff.org/certbot-auto -O "$CERTBOT_PATH"
+chmod a+x "$CERTBOT_PATH"
 
-/root/certbot-auto --standalone certonly -d "$DOMAIN" -m "$EMAIL" --agree-tos --non-interactive
+"$CERTBOT_PATH" --standalone certonly -d "$DOMAIN" -m "$EMAIL" --agree-tos --non-interactive
 
 # Link the generated cert to the path read by Zulip
 ln -nsf /etc/letsencrypt/live/"$DOMAIN"/privkey.pem /etc/ssl/private/zulip.key