author | Erich Eckner <git@eckner.net> | 2020-01-14 09:17:14 +0100 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2020-01-14 09:17:14 +0100 |
commit | 256beb31ce4c2db9cd0a9f5afe14f893a4be24b1 (patch) | |
tree | 8f23b71d38406acc697a4d35cce5cfcd46240cb8 | |
parent | b26077910882b8e60b9c08c92dc71dcb789aa995 (diff) | |
download | simple-pki-256beb31ce4c2db9cd0a9f5afe14f893a4be24b1.tar.xz |
rotate-keys: use new server keys immediately
-rw-r--r-- | rotate-keys.in | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/rotate-keys.in b/rotate-keys.in index 9299af7..8255729 100644 --- a/rotate-keys.in +++ b/rotate-keys.in @@ -45,6 +45,10 @@ host_key_files=$( if [ "$(whoami)" != "${certificate_user}" ]; then if [ "$(whoami)" = 'root' ]; then + chown -R "${certificate_user}" "${key_dir}" + su "${certificate_user}" -s /bin/bash -c "${me}" \ + || exit $? + updated_something=false for host_key_file in ${host_key_files}; do if [ -f "${key_dir}/${host_key_file}.key.new" ] \ @@ -68,8 +72,6 @@ if [ "$(whoami)" != "${certificate_user}" ]; then systemctl try-restart nginx fi - chown -R "${certificate_user}" "${key_dir}" - su "${certificate_user}" -s /bin/bash -c "${me}" exit $? fi >&2 printf 'only root can su %s\n' "${certificate_user}" |
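Review bot: The `chown -R "${certificate_user}" "${key_dir}"` added at the top of the root branch runs as root over a tree that the unprivileged `${certificate_user}` can write to, so root should not follow links that account may have created there. Whether symbolic links found during the recursion are dereferenced depends on the chown implementation, so I would make it explicit with `chown -R -h "${certificate_user}" "${key_dir}"` and add a comment stating that nobody else may write to `${key_dir}`. Separately, `-c "${me}"` hands the script path to bash as a command string, where it is parsed again; `me` is assigned outside this hunk, so confirm it can never contain whitespace or shell metacharacters. The enclosing `if` block starts in the hunk and continues past its end.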