#!/bin/bash # Renew and deploy TLS certificates via certbot + Vault. set -euo pipefail DOMAINS=("nexus.local" "*.nexus.local") EMAIL="infra@nexus.local" for DOMAIN in "${DOMAINS[@]}"; do certbot certonly --dns-route53 \ -d "$DOMAIN" \ --email "$EMAIL" \ --agree-tos \ --non-interactive done echo "[certs] Renewed. Reloading nginx..." systemctl reload nginx