
script_refresh-proxied-certs: fix: don't overwrite when host is unavailable

master
Chl 2 months ago
parent
commit
266b15b535
1 changed files with 2 additions and 1 deletions
  1. +2
    -1
      script_refresh-proxied-certs.sh

+ 2
- 1
script_refresh-proxied-certs.sh

@@ -30,7 +30,8 @@ for i in *.crt; do
sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' > "$TMPFILE"

# Check that the new cert still match the local key
if [ "$( ( openssl x509 -noout -modulus -in "$FQDN_HOSTNAME.crt"; openssl rsa -noout -modulus -in "$FQDN_HOSTNAME.key" ) | uniq | wc -l )" -ne 1 ]; then
# (it should also fail safely when the host wasn't reachable)
if [ "$( ( openssl x509 -noout -modulus -in "$TMPFILE"; openssl rsa -noout -modulus -in "$FQDN_HOSTNAME.key" ) | uniq | wc -l )" -ne 1 ]; then
# Mismatch : raise an alert
echo "WARNING: retrieved certificate does not match '$FQDN_HOSTNAME.key'" >&2
EXIT_STATUS=1
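Review bot: The new `if` on `$TMPFILE` still treats a missing modulus as a match: when `openssl x509` prints nothing to stdout (for example an empty `$TMPFILE` after an unreachable host) or `openssl rsa` cannot read the key, `uniq | wc -l` yields 1, the same count as two identical moduli, so the mismatch branch is skipped. That appears to contradict the added comment that the check fails safely, unless an emptiness test exists outside this hunk. Comparing the two values explicitly closes the gap: `cert_mod=$(openssl x509 -noout -modulus -in "$TMPFILE")`, `key_mod=$(openssl rsa -noout -modulus -in "$FQDN_HOSTNAME.key")`, then `if [ -z "$cert_mod" ] || [ "$cert_mod" != "$key_mod" ]; then`. The `-modulus` comparison also only works for RSA keys, which deserves a comment next to the check. The enclosing `for` loop and the body of this `if` continue outside the hunk.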

