b1ea2ee09e
try-reload-or-restart has this logic: Reload service if it supports it. If not, stop and then start instead. Does nothing if the service is not running.
#!/bin/bash
#
# vmail-stack
# https://git.stack-source.com/msb/vmail-stack
# Copyright (c) 2023 Matthew Saunders Brown <matthewsaundersbrown@gmail.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
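# Load the shared include file that sits next to this script.
# The path is quoted so an install directory containing spaces or glob
# characters is not word-split, and a missing/unreadable include aborts the
# run instead of continuing without the helpers this script calls
# (vmail:getoptions is not defined in this file and is expected to come
# from vmail.sh).
include_file="$(dirname -- "$0")/vmail.sh"
if [[ ! -r "$include_file" ]]; then
  echo "ERROR: cannot read include file $include_file"
  exit 1
fi
source "$include_file"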
#######################################
# Print the usage text for this script.
# Globals:   thisfilename (written) - basename of the invoked script ($0)
# Arguments: none
# Outputs:   ten lines of help text on stdout
#######################################
help() {
  thisfilename=$(basename -- "$0")
  echo "$thisfilename"
  # The remaining lines are fixed text; emit them one argument per line.
  printf '%s\n' \
    "Enable SSL (TLS) in dovecot (POP/IMAP) for given domain" \
    "" \
    "usage: $thisfilename -d <domain> [-h]" \
    "" \
    " -h Print this help." \
    " -d <domain> Domain to enable dovecot for." \
    "" \
    " Let's Encrypt certificate must already exist. If need be run this first:" \
    " letsencrypt-certonly.sh -d mail.<domain>"
}
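# Parse the command line. vmail:getoptions is not defined in this file;
# presumably it comes from the sourced vmail.sh and sets $domain from -d
# (confirm against vmail.sh).
vmail:getoptions "$@"

# check for domain
if [[ -z $domain ]]; then
  echo "ERROR: domain name is required"
  exit 1
fi

# $domain becomes part of file names under /etc/ssl/letsencrypt and
# /etc/dovecot/sites.d and is written verbatim into a dovecot config block
# below. Accept only hostname characters (letters, digits, dot, hyphen) so a
# value containing "/", whitespace, newlines or braces can neither point the
# paths outside those directories nor add lines to the generated config.
# NOTE(review): vmail:getoptions may already validate the domain; this check
# is kept here as defence in depth because this script writes root-owned
# files from the value.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! $domain =~ $domain_re ]]; then
  # %q escapes control characters so a hostile value cannot garble the terminal.
  printf 'ERROR: invalid domain name: %q\n' "$domain"
  exit 1
fi

# set vars
maildomain="mail.$domain"
pemfile="$maildomain.pem"
confile="$maildomain.conf"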
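# check that letsencrypt cert exists
# The path is quoted so the test still sees a single argument whatever
# $pemfile contains.
if [[ ! -f "/etc/ssl/letsencrypt/$pemfile" ]]; then
  echo "Let's Encrypt cert for $maildomain does not exist, create that first:"
  # The message above ends in a colon but the original printed nothing after
  # it; show the command that help() names for creating the certificate.
  echo " letsencrypt-certonly.sh -d $maildomain"
  exit 1
fi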
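# create dovecot config & restart
# Only acts when no per-domain config exists yet; an existing file is left
# untouched and dovecot is not reloaded.
conf_path="/etc/dovecot/sites.d/$confile"
pem_path="/etc/ssl/letsencrypt/$pemfile"
if [[ ! -f "$conf_path" ]]; then
  # Write the whole local_name block through one quoted redirection. If the
  # write fails, remove the partial file (otherwise the -f test above would
  # skip it on the next run) and stop before reloading dovecot.
  # ssl_cert and ssl_key both read the same PEM, so that file holds the
  # private key as well as the certificate.
  # NOTE(review): confirm /etc/ssl/letsencrypt/*.pem is readable by root only.
  if ! printf '%s\n' \
    "local_name $maildomain {" \
    " ssl_cert = <$pem_path" \
    " ssl_key = <$pem_path" \
    "}" > "$conf_path"; then
    echo "ERROR: could not write $conf_path"
    rm -f -- "$conf_path"
    exit 1
  fi
  # try-reload-or-restart: reload if the unit supports it, otherwise stop and
  # start; it does nothing when dovecot is not running.
  systemctl --quiet try-reload-or-restart dovecot
fi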