debian: updates let's encrypt and coturn scripts.

jitsi · Apr 7, 2020 · d82162c · d82162c
1 parent 96a048e
commit d82162c
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 32 deletions.
diff --git a/doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh b/doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh
@@ -3,6 +3,7 @@
 set -e
 
 COTURN_CERT_DIR="/etc/coturn/certs"
+TURN_CONFIG="/etc/turnserver.conf"
 
 # create a directory to store certs if it does not exists
 if [ ! -d "$COTURN_CERT_DIR" ]; then
@@ -29,6 +30,12 @@ for domain in $RENEWED_DOMAINS; do
                 chmod 400 "$COTURN_CERT_DIR/$domain.fullchain.pem" \
                         "$COTURN_CERT_DIR/$domain.privkey.pem"
 
+                if [ -f $TURN_CONFIG ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then
+                    echo "Configuring turnserver"
+                    sed -i "/^cert/c\cert=\/etc\/coturn\/certs\/${domain}.fullchain.pem" $TURN_CONFIG
+                    sed -i "/^pkey/c\pkey=\/etc\/coturn\/certs\/${domain}.privkey.pem" $TURN_CONFIG
+                fi
+                service coturn restart
                 ;;
         esac
 done

diff --git a/resources/install-letsencrypt-cert.sh b/resources/install-letsencrypt-cert.sh
@@ -43,8 +43,9 @@ CERT_CRT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
 if [ -f /etc/nginx/sites-enabled/$DOMAIN.conf ] ; then
 
     TURN_CONFIG="/etc/turnserver.conf"
+    TURN_HOOK=/etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh
     if [ -f $TURN_CONFIG ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then
-        TURN_HOOK=/etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh
+        mkdir -p $(dirname $TURN_HOOK)
 
         cp /usr/share/jitsi-meet-turnserver/coturn-certbot-deploy.sh $TURN_HOOK
         chmod u+x $TURN_HOOK
@@ -54,7 +55,8 @@ if [ -f /etc/nginx/sites-enabled/$DOMAIN.conf ] ; then
     ./certbot-auto certonly --noninteractive \
     --webroot --webroot-path /usr/share/jitsi-meet \
     -d $DOMAIN \
-    --agree-tos --email $EMAIL
+    --agree-tos --email $EMAIL \
+    --deploy-hook $TURN_HOOK
 
     echo "Configuring nginx"
 
@@ -70,15 +72,6 @@ if [ -f /etc/nginx/sites-enabled/$DOMAIN.conf ] ; then
 
     echo "service nginx reload" >> $CRON_FILE
     service nginx reload
-
-    if [ -f $TURN_CONFIG ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then
-        echo "Configuring turnserver"
-        sed -i "/^cert/c\cert=\/etc\/coturn\/certs\/$DOMAIN.fullchain.pem" $TURN_CONFIG
-        sed -i "/^pkey/c\pkey=\/etc\/coturn\/certs\/$DOMAIN.privkey.pem" $TURN_CONFIG
-
-        echo "service coturn restart" >> $CRON_FILE
-        service coturn restart
-    fi
 elif [ -f /etc/apache2/sites-enabled/$DOMAIN.conf ] ; then
 
     ./certbot-auto certonly --noninteractive \
@@ -100,27 +93,6 @@ elif [ -f /etc/apache2/sites-enabled/$DOMAIN.conf ] ; then
 
     echo "service apache2 reload" >> $CRON_FILE
     service apache2 reload
-else
-    service jitsi-videobridge stop
-
-    ./certbot-auto certonly --noninteractive \
-    --standalone \
-    -d $DOMAIN \
-    --agree-tos --email $EMAIL
-
-    echo "Configuring jetty"
-
-    CERT_P12="/etc/jitsi/videobridge/$DOMAIN.p12"
-    CERT_JKS="/etc/jitsi/videobridge/$DOMAIN.jks"
-    # create jks from  certs
-    openssl pkcs12 -export \
-        -in $CERT_CRT -inkey $CERT_KEY -passout pass:changeit > $CERT_P12
-    keytool -importkeystore -destkeystore $CERT_JKS \
-        -srckeystore $CERT_P12 -srcstoretype pkcs12 \
-        -noprompt -storepass changeit -srcstorepass changeit
-
-    service jitsi-videobridge start
-
 fi
 
 # the cron file that will renew certificates