cyrilpic

#!/bin/bash

# Use certbot brewed version

insert_into_keychain() {
  openssl pkcs12 -export -inkey /etc/letsencrypt/live/$1/privkey.pem -in /etc/letsencrypt/live/$1/cert.pem -certfile /etc/letsencrypt/live/$1/fullchain.pem -out /etc/letsencrypt/live/$1/letsencrypt_sslcert.p12 -passout pass:topsecret
  SHA_NEW=`openssl pkcs12 -in  /etc/letsencrypt/live/$1/letsencrypt_sslcert.p12 -nomacver -nodes -passin pass:topsecret | openssl x509 -noout -fingerprint -sha1 | cut -f2 -d'=' | sed 's/://g'`
  if [[ $2 != $SHA_NEW ]]; then
    # New certificate available
    # Import into keychain