
@pallas
Created January 14, 2017 21:40
Will regenerate courier.pem & restart mail daemons when Let's Encrypt certificate renews.
# Let's Encrypt configuration root; may be overridden from the environment
# or the make command line.
BASE ?= /etc/letsencrypt
# Certificate lineage (directory under $(BASE)/live) to package for Courier.
DOMAIN ?= mx.example.com
# Size in bits of the Diffie-Hellman parameters bundled into courier.pem.
DHBITS := 4096

# Key and chain paths for $(DOMAIN), derived from the settings above.
LIVE := $(BASE)/live/$(DOMAIN)
PRIVKEY := $(LIVE)/privkey.pem
FULLCHAIN := $(LIVE)/fullchain.pem
# Entry point: rebuild courier.pem in a sub-make that runs while a shared
# flock(1) lock is held on $(BASE).
# NOTE(review): a shared lock only excludes processes that take an exclusive
# flock on the same directory; confirm the renewal job does so, otherwise this
# does not prevent reading the key and chain in the middle of a renewal.
default:
	flock -s $(BASE) $(MAKE) courier.pem
.PHONY: default
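# Generate Diffie-Hellman parameters of the size named in the target
# (dhparams-4096.pem -> 4096 bits; $(basename ...) drops any suffix from the
# stem).  The rule has no prerequisites, so make runs it only when the file is
# missing: the parameters are never rotated automatically, and deleting the
# file forces regeneration on the next run.
# Output is written to $@.tmp and renamed into place only after every step
# succeeded, so an interrupted run never leaves a truncated $@.
# The steps are chained with && so a failing umask cannot be skipped over, and
# chown uses the POSIX ':' separator (the legacy '.' form is ambiguous with
# user names that contain a dot).
dhparams-%.pem:
	umask 0077 \
	&& time openssl dhparam -outform PEM $(basename $*) > $@.tmp \
	&& chown mail:mail $@.tmp \
	&& mv -f $@.tmp $@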
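# Build the combined PEM for Courier: private key, full certificate chain and
# DH parameters, concatenated in prerequisite order ($+ keeps that order).
# The result contains the private key, so it is created under umask 0077
# (owner-only), handed to mail:mail, and only then renamed into place.
# The steps are chained with && so a failing umask cannot be skipped over, and
# chown uses the POSIX ':' separator (the legacy '.' form is ambiguous with
# user names that contain a dot).
# NOTE(review): $@.tmp is a fixed name in the current directory; run this
# Makefile from a directory that only root can write to.
# After a successful rebuild the maybe-restart target is invoked.
courier.pem: $(PRIVKEY) $(FULLCHAIN) dhparams-$(DHBITS).pem
	umask 0077 \
	&& cat $+ > $@.tmp \
	&& chown mail:mail $@.tmp \
	&& mv -f $@.tmp $@ \
	&& $(MAKE) maybe-restart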
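# Restart Courier only if it is currently running.  A stopped daemon is left
# alone and is not an error.  A restart that fails makes this target (and the
# calling make) exit non-zero instead of being masked by "|| true", so a
# daemon that did not come back with the new certificate is noticed.
# Assumes the init script's "status" exits 0 only when the daemon is running
# (LSB convention) -- TODO confirm for this init script.
.PHONY: maybe-restart
maybe-restart:
	if /etc/init.d/courier status; then \
		/etc/init.d/courier restart; \
	fi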
#