@yellowcrescent
Created December 16, 2018 21:53
adding CA-trusted certificate for FreeIPA
```sh
## Automatic method ##
# See: <https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP>

# Add the root and intermediate CA certificates, if not already added.
# If this is not done, your external cert will NOT be trusted.
# -n sets the nickname; -t C,, marks each certificate as a trusted CA for SSL.
ipa-cacert-manage -n addtrust_root -t C,, install AddTrustExternalCARoot.crt
ipa-cacert-manage -n comodoca_top -t C,, install COMODORSAAddTrustCA.crt
ipa-cacert-manage -n comodoca_dcv -t C,, install COMODORSADomainValidationSecureServerCA.crt
# Update the local IPA certificate databases with the CA certificates added above
ipa-certupdate

# Install/update the certificate
# -w installs it for the web server (Apache), -d for the Directory Server (DS).
# This will also automatically update Apache and DS NSS configs to point to the new cert
ipa-server-certinstall -w -d /etc/ssl/private/wildcard_ycnrg-org.crt /etc/ssl/certs/wildcard_ycnrg-org.crt

echo "Restarting Apache & DS services..."
systemctl restart httpd
systemctl restart dirsrv@YCNRG-ORG
echo "*** Complete!"
```
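A pre-flight check that could be run before the `ipa-server-certinstall` step above, added here as an example and not part of the original gist: it confirms that the private key matches the certificate, that the certificate chains to the CA files being installed, and that it is not about to expire. The function names, the 7-day window and the `ca_bundle.pem` file name are assumptions; files are assumed to be PEM with an unencrypted key.

```shell
#!/bin/sh
# Added example (not from the original gist): pre-flight checks to run before
# ipa-server-certinstall. Function names and the 7-day window are assumptions.
# Assumes PEM files and an unencrypted private key.

# key_matches_cert KEY CERT: succeed only if both carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# chain_verifies CA_BUNDLE CERT: succeed only if CERT chains to the bundle.
# -no-CApath keeps the system trust directory out of the decision, so a pass
# means the CA files you are about to install are sufficient on their own.
chain_verifies() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# not_expiring_within CERT SECONDS: fail if CERT expires inside the window.
not_expiring_within() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# preflight KEY CERT CA_BUNDLE: run all checks and report the first failure.
preflight() {
    key_matches_cert "$1" "$2" || { echo "FAIL: key/cert mismatch" >&2; return 1; }
    chain_verifies "$3" "$2" || { echo "FAIL: chain does not verify" >&2; return 2; }
    not_expiring_within "$2" 604800 || { echo "FAIL: expires within 7 days" >&2; return 3; }
    echo "OK: safe to run ipa-server-certinstall"
}

# Runs only when called with three arguments, for example:
#   cat root.crt intermediate1.crt intermediate2.crt > ca_bundle.pem
#   sh preflight.sh server.key server.crt ca_bundle.pem
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

A chain failure here usually means one of the CA files passed to `ipa-cacert-manage` is missing or is the wrong intermediate.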