add a script to create SAN certificates for postfix, and upload them to the mail server

master
victor héry 6 years ago
parent
commit
55e37592e3
2 changed files with 39 additions and 0 deletions
  1. README.md (+9, -0)
  2. create-cert-postfix (+30, -0)

README.md (+9, -0)

@ -31,3 +31,12 @@ Usage :
./renew-certificate >> /var/log/renew-certificates.log ./renew-certificate >> /var/log/renew-certificates.log
``` ```
##How to create postfix SAN certificate
Create SAN (multi-domains) certificates for a postfix configuration
Edit postfix_pem_path and mail_server and deploy ssh key accordingly.
I should write a blog article once I have time, meanwhile do not hesitate to ask questions on the repo
Usage:
```
./create-cert-postfix domain1.tld domain2.tld domain3.tld
```
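
Review bot: The setup line "Edit postfix_pem_path and mail_server and deploy ssh key accordingly." leaves out prerequisites the script relies on. The remote account is hard-coded as `ssl-san`, it needs write access to `postfix_pem_path`, and it must be able to run `sudo systemctl reload postfix` without a password prompt; it is worth stating that here and recommending a sudoers rule limited to that single command, since this account also receives `privkey.pem`. The section should also say that each argument is expanded to `mail.`, `smtp.` and `imap.` names, that the files are taken from the `mail.<first domain>` lineage, and that certbot listens on port 63443 (`--http-01-port`), so HTTP-01 requests arriving on port 80 have to be forwarded to it. Style: `##How to create postfix SAN certificate` needs a space after `##` to render as a heading in strict Markdown parsers.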

create-cert-postfix (+30, -0)

@ -0,0 +1,30 @@
#!/bin/bash
#Configuration variables
certbot_bin="/usr/bin/certbot"
postfix_pem_path="/etc/ssl/"
mail_server="192.168.201.172"
if [ ! $# -ge 1 ] ; then
echo "$(date +%c) Please give domain name as parameter"
exit 1
fi
DOMAIN_OPTION=""
for domain in "${@}"; do
DOMAIN_OPTION="${DOMAIN_OPTION} -d mail.${domain} -d smtp.${domain} -d imap.${domain}"
done
echo "$(date +%c) Generate certificat for ${@}"
${certbot_bin} certonly ${DOMAIN_OPTION} --renew-by-default --http-01-port 63443 --agree-tos
if [ $? -eq 0 ]; then
echo "$(date +%c) Success!"
rsync -az -L /etc/letsencrypt/live/mail.$1/cert.pem /etc/letsencrypt/live/mail.$1/privkey.pem /etc/letsencrypt/live/mail.$1/chain.pem ssl-san@${mail_server}:${postfix_pem_path}
ssh ssl-san@${mail_server} "sudo systemctl reload postfix"
else
echo "$(date +%c) Error creating certificate with error code $?, exit script..."
exit 1
fi
exit 0
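
Review bot: In the `else` branch, the `$?` in "Error creating certificate with error code $?" is no longer certbot's exit status; by that point it holds the result of the `[ $? -eq 0 ]` test, so the log will always report 1. Capture the status right after the certbot call (for example `rc=$?`) and test and print that variable. In the success branch, the results of `rsync` and `ssh` are never checked, so the script reaches `exit 0` even when the private key was not copied or postfix failed to reload; check both and exit non-zero on failure. `DOMAIN_OPTION` is built as one string and expanded unquoted, so an argument containing whitespace or a leading dash is split into extra certbot options; build the `-d` list in a bash array, expand it as `"${opts[@]}"`, and reject arguments that are not plain hostnames. `mail.$1` in the rsync paths should be quoted for the same reason. Minor: "certificat" in the log message is missing its final "e", and `"${@}"` inside an echo string is better written as `$*`.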
