From d43cdbc412d6548447d3d4c6238fc56c99e09d98 Mon Sep 17 00:00:00 2001 From: Emil Renner Berthing Date: Tue, 19 Jan 2021 21:58:10 +0100 Subject: space_server: radius: use letsencrypt certificate --- roles/space_server/files/radius/bootstrap | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100755 roles/space_server/files/radius/bootstrap (limited to 'roles/space_server/files/radius/bootstrap') diff --git a/roles/space_server/files/radius/bootstrap b/roles/space_server/files/radius/bootstrap new file mode 100755 index 0000000..376aa78 --- /dev/null +++ b/roles/space_server/files/radius/bootstrap @@ -0,0 +1,28 @@ +#!/bin/sh + +set -e + +certname=space.labitat.dk +privkey="/etc/letsencrypt/live/$certname/privkey.pem" +fullchain="/etc/letsencrypt/live/$certname/fullchain.pem" + +umask 027 +cd "$(dirname $0)" + +if [ ! -f dh ]; then + openssl dhparam -out dh 2048 + chown root:radiusd dh + chmod 640 dh +fi + +if ! diff -q "$privkey" privkey.pem >/dev/null 2>&1; then + install -m640 -o root -g radiusd "$privkey" privkey.pem +fi + +if ! diff -q "$fullchain" fullchain.pem >/dev/null 2>&1; then + install -m640 -o root -g radiusd "$fullchain" fullchain.pem +fi + +openssl verify -untrusted fullchain.pem fullchain.pem + +# vim: set ts=2 sw=2 et: -- cgit v1.2.1