Certbot replaces the cert files under /etc/letsencrypt/live/, which our nginx config refers to via symlinks; but it doesn't tell nginx there's been an update, so nginx keeps serving the old cert. This is fine as long as nginx is restarted, or just told to reload its config, at some point before the cert actually expires about 30 days later, which is probably the common case; but of course we should make it just work. So, if we actually renew a cert, tell nginx to reload its config now.
#!/bin/bash
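zulip_conf_get_boolean() {
  # Get a boolean flag from zulip.conf, using the Python
  # `configparser` library's conventions for what counts as true.
  # Treat absent and invalid values as false.
  #
  # Arguments: $1 - section name in /etc/zulip/zulip.conf
  #            $2 - key name within that section
  # Returns:   0 if the value is 1/yes/true/on (case-insensitive),
  #            1 otherwise.
  #
  # NOTE: crudini's stderr is discarded, so a missing crudini binary or
  # an unreadable zulip.conf is indistinguishable from the flag being
  # off; callers that gate security-relevant work on this flag will
  # skip that work silently in those cases.
  local value
  value=$(crudini --get /etc/zulip/zulip.conf "$1" "$2" 2>/dev/null)

  # Lowercase with ASCII-only rules so the comparison does not depend
  # on the caller's locale; printf avoids echo's option parsing.
  case "$(printf '%s\n' "$value" | LC_ALL=C tr '[:upper:]' '[:lower:]')" in
    1 | yes | true | on) return 0 ;;
    *) return 1 ;;
  esac
}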
# Renewal is opt-in: unless [certbot] auto_renew is true in zulip.conf,
# leave successfully without contacting the CA or touching nginx.
zulip_conf_get_boolean certbot auto_renew || exit 0

# --quiet keeps routine output silent. The deploy hook is a fixed
# literal that certbot runs only for a certificate it actually renewed,
# so nginx picks up the new files instead of serving the old cert from
# memory until its next restart.
# The script's exit status is certbot's, since this is the last command.
renew_args=(
  renew --quiet
  --webroot --webroot-path=/var/lib/zulip/certbot-webroot/
  --deploy-hook 'service nginx reload'
)
/usr/local/sbin/certbot-auto "${renew_args[@]}"