authorErich Eckner <git@eckner.net>2020-01-14 09:17:14 +0100
committerErich Eckner <git@eckner.net>2020-01-14 09:17:14 +0100
commit256beb31ce4c2db9cd0a9f5afe14f893a4be24b1 (patch)
tree8f23b71d38406acc697a4d35cce5cfcd46240cb8 /rotate-keys.in
parentb26077910882b8e60b9c08c92dc71dcb789aa995 (diff)
rotate-keys: use new server keys immediately
Diffstat (limited to 'rotate-keys.in')
-rw-r--r--rotate-keys.in6
1 files changed, 4 insertions, 2 deletions
diff --git a/rotate-keys.in b/rotate-keys.in
index 9299af7..8255729 100644
--- a/rotate-keys.in
+++ b/rotate-keys.in
@@ -45,6 +45,10 @@ host_key_files=$(
if [ "$(whoami)" != "${certificate_user}" ]; then
if [ "$(whoami)" = 'root' ]; then
+ chown -R "${certificate_user}" "${key_dir}"
+ su "${certificate_user}" -s /bin/bash -c "${me}" \
+ || exit $?
+
updated_something=false
for host_key_file in ${host_key_files}; do
if [ -f "${key_dir}/${host_key_file}.key.new" ] \
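Review bot: The added `chown -R` has its exit status ignored while the `su` on the next line aborts on failure, so unless `set -e` is active outside this hunk, a failed chown still lets the child run and root continue into the install loop; I would write `chown -R "${certificate_user}" "${key_dir}" || exit $?`. With the new ordering, root runs the `for host_key_file` loop right after an unprivileged process has written into `${key_dir}`, and `[ -f … ]` follows symlinks, so the `*.key.new` test alone does not show the file is a regular file created by that user. The loop body continues outside the hunk, so I cannot see whether it checks this; if not, a guard such as `[ ! -L "${key_dir}/${host_key_file}.key.new" ]` before root installs the key would be worth adding. Also note that `-c "${me}"` is re-parsed by bash, so it assumes `${me}` (defined outside the hunk) contains no whitespace or shell metacharacters; a short comment stating that assumption would help.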
@@ -68,8 +72,6 @@ if [ "$(whoami)" != "${certificate_user}" ]; then
systemctl try-restart nginx
fi
- chown -R "${certificate_user}" "${key_dir}"
- su "${certificate_user}" -s /bin/bash -c "${me}"
exit $?
fi
>&2 printf 'only root can su %s\n' "${certificate_user}"