tooling/scripts/rotate-certs.sh


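#!/bin/bash
# Request or renew TLS certificates with certbot (DNS-01 through the Route 53
# plugin), then reload nginx so it serves the files certbot left on disk.
#
# NOTE(review): the earlier header said "certbot + Vault", but no command in
# this script talks to Vault; certificates and private keys stay wherever
# certbot writes them on this host. Confirm whether a Vault step lives
# elsewhere before relying on it.
# NOTE(review): the dns-route53 plugin uses the AWS credentials ambient to
# this process; presumably they should be limited to the hosted zone for the
# names below - verify the IAM policy.
set -euo pipefail

# NOTE(review): .local is a special-use suffix that public CAs do not issue
# for; these look like placeholder values - confirm the real names.
readonly DOMAINS=("nexus.local" "*.nexus.local")
readonly EMAIL="infra@nexus.local"

# One certbot run per entry, so the apex and the wildcard are requested as
# separate certificates.
# NOTE(review): confirm which certificate path nginx's ssl_certificate
# directive points at; a single request carrying both names may be what is
# intended.
for domain in "${DOMAINS[@]}"; do
  certbot certonly --dns-route53 \
    -d "$domain" \
    --email "$EMAIL" \
    --agree-tos \
    --non-interactive
done

# Validate the configuration (including that the certificate and key load)
# before reloading. With some unit files a reload only signals the master
# process, so a rejected configuration can leave the old certificate in
# service while this script still exits 0. The check is skipped when nginx is
# not on PATH (e.g. a minimal cron PATH) so the script keeps working there.
if command -v nginx >/dev/null 2>&1 && ! nginx -t; then
  printf '%s\n' "[certs] nginx config test failed; not reloading." >&2
  exit 1
fi

# certbot exits 0 both when it issues a certificate and when it keeps one
# that is not yet due, so this line does not prove a new certificate exists.
echo "[certs] Renewed. Reloading nginx..."
systemctl reload nginx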