chl/scripts-admin-quickndirty-public
1
0
Fork 0
Code Wiki Activity

script_refresh-proxied-certs: fix: don't overwrite when host is unavailable

Browse source
This commit is contained in:
Chl 2020-01-21 22:47:23 +01:00
parent 9da2d8701e
commit 266b15b535
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
script_refresh-proxied-certs.sh
View file

@ -30,7 +30,8 @@ for i in *.crt; do
sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' > "$TMPFILE" sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' > "$TMPFILE"
# Check that the new cert still match the local key # Check that the new cert still match the local key
if [ "$( ( openssl x509 -noout -modulus -in "$FQDN_HOSTNAME.crt"; openssl rsa -noout -modulus -in "$FQDN_HOSTNAME.key" ) | uniq | wc -l )" -ne 1 ]; then # (it should also fail safely when the host wasn't reachable)
if [ "$( ( openssl x509 -noout -modulus -in "$TMPFILE"; openssl rsa -noout -modulus -in "$FQDN_HOSTNAME.key" ) | uniq | wc -l )" -ne 1 ]; then
# Mismatch : raise an alert # Mismatch : raise an alert
echo "WARNING: retrieved certificate does not match '$FQDN_HOSTNAME.key'" >&2 echo "WARNING: retrieved certificate does not match '$FQDN_HOSTNAME.key'" >&2
EXIT_STATUS=1 EXIT_STATUS=1