@dreness
Created September 13, 2020 22:37
letsencrypt_synchronize_certs.sh
#!/bin/bash
set -x
set -e
# This script is intended to complement an automated Let's Encrypt setup on
# OS X Server. After updating certs, the new files should be imported into
# Keychain, which Server will notice. Amusingly, we need to encrypt the
# certs for this to work, so this script does that (hard-coded password!)
# Note: with `set -x` enabled, the password is also echoed in the trace output.
DOMAIN="xyzzy.com"
# acmetool arguments (kept in an array so each path survives word splitting intact)
ACMEARGS=(--state=/opt/brew/var/lib/acmetool --xlog.file=/Users/andre/acme.log --response-file=/opt/brew/var/lib/acmetool/conf/responses --hooks=/opt/brew/var/lib/acmetool/hooks)
# password used both to encrypt the PKCS#12 bundle and to import it
P12PASS='__%#@myreallybestpkcs12password11one'
# updated things to import
LIVE=$(acmetool status "${ACMEARGS[@]}" | awk '/ACME_STATE_DIR/ {print $2}')
LIVE="$LIVE/live/$DOMAIN"
newCert="$LIVE/cert"
newKey="$LIVE/privkey"
newChain="$LIVE/chain"
# staging area, removed on exit so the .p12 bundle (cert + private key) does not linger
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
P12Out="${DOMAIN}.p12"
# convert files for /usr/bin/security
openssl pkcs12 -export \
-inkey "$newKey" \
-in "$newCert" \
-certfile "$newChain" \
-out "${TMP}/${P12Out}" \
-password "pass:${P12PASS}"
# import cert + key
#security import /etc/letsencrypt/live/${P12Out}/letsencrypt_sslcert.p12 -f pkcs12 \
# -A allows any application to use the imported key without prompting;
# the commented -T lines below would instead restrict access to named binaries.
sudo /usr/bin/security -v import "${TMP}/${P12Out}" \
-A \
-f pkcs12 \
-k /Library/Keychains/System.keychain \
-P "$P12PASS"
#-T /Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/ServerManagerDaemon.bundle/Contents/MacOS/servermgr \
#-T /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ Access
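As an added example (not part of the gist above), the same PKCS#12 packaging step done with the password supplied through the environment (`-passout env:`) instead of on the command line, so it does not show up in `ps` or in `set -x` traces, followed by a check that the bundle really contains the expected leaf certificate and chain before anything is handed to `security import`. The `demo` function generates constructed self-signed certificates standing in for the acmetool `cert`, `privkey` and `chain` files; the macOS keychain import itself is left to the gist, since this part only needs `openssl` and runs anywhere.

```shell
#!/bin/bash
# Added example: build and verify the PKCS#12 bundle with the password kept
# out of argv. Not the gist's code; all file names here are constructed.
set -eu

# Password source for openssl's "env:" option. In the real script this would
# be set once by the caller; the default below is a constructed demo value.
: "${P12PASS:=constructed-demo-password}"
export P12PASS

# build_p12 KEY CERT CHAIN OUT
# Same openssl invocation as the gist, but the password is read from $P12PASS.
build_p12() {
  local key="$1" cert="$2" chain="$3" out="$4"
  if [ -s "$chain" ]; then
    openssl pkcs12 -export -inkey "$key" -in "$cert" -certfile "$chain" \
      -out "$out" -passout env:P12PASS
  else
    openssl pkcs12 -export -inkey "$key" -in "$cert" \
      -out "$out" -passout env:P12PASS
  fi
}

# cert_fingerprint PEMFILE -> SHA-256 fingerprint of the certificate in PEMFILE
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# p12_leaf_fingerprint P12FILE -> fingerprint of the leaf (the cert that matches the key)
p12_leaf_fingerprint() {
  openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12PASS 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# p12_cert_count P12FILE -> number of certificates in the bundle (leaf + chain)
p12_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin env:P12PASS 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}

# verify_p12 P12FILE CERTPEM -> succeeds only if the bundle's leaf is CERTPEM
verify_p12() {
  [ "$(p12_leaf_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]
}

# demo: constructed cert + chain, bundled and verified; prints "ok" or "fail"
demo() {
  local dir
  dir=$(mktemp -d)
  # constructed leaf cert and key (stand-ins for acmetool's cert/privkey)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=xyzzy.test' \
    -keyout "$dir/privkey" -out "$dir/cert" 2>/dev/null
  # a second self-signed cert stands in for the issuer chain file
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=constructed-issuer' \
    -keyout "$dir/chainkey" -out "$dir/chain" 2>/dev/null
  build_p12 "$dir/privkey" "$dir/cert" "$dir/chain" "$dir/xyzzy.test.p12"
  local result="fail"
  if verify_p12 "$dir/xyzzy.test.p12" "$dir/cert" \
     && [ "$(p12_cert_count "$dir/xyzzy.test.p12")" -eq 2 ]; then
    result="ok"
  fi
  rm -rf "$dir"
  echo "$result"
}

if [ "${1:-}" = "--demo" ]; then
  demo
fi
```

Run it as `P12PASS='...' ./verify_p12.sh --demo`; it prints `ok` when the leaf fingerprint inside the bundle matches the source certificate and both certificates made it into the file. In a cron-driven script the `verify_p12` check is the natural gate before `sudo security import`, so a partially written or stale bundle is never loaded into the System keychain.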