17 lines
396 B
Bash
Executable file
17 lines
396 B
Bash
Executable file
#!/bin/bash
|
|
# Renew and deploy TLS certificates via certbot + Vault.
|
|
set -euo pipefail
|
|
|
|
DOMAINS=("nexus.local" "*.nexus.local")
|
|
EMAIL="infra@nexus.local"
|
|
|
|
for DOMAIN in "${DOMAINS[@]}"; do
|
|
certbot certonly --dns-route53 \
|
|
-d "$DOMAIN" \
|
|
--email "$EMAIL" \
|
|
--agree-tos \
|
|
--non-interactive
|
|
done
|
|
|
|
echo "[certs] Renewed. Reloading nginx..."
|
|
systemctl reload nginx
|