From d020dcf1fc188e511c577d440fd0f4ed0ee8fa71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Diemer?= <stephane.diemer@ubicast.eu>
Date: Wed, 12 Dec 2018 17:08:56 +0100
Subject: [PATCH] Changed file for SSL certificate (refs #27515).

---
 2.Common_services/5.Nginx/0_setup.py       |  9 ++++++++-
 2.Common_services/7.LetsEncrypt/0_setup.py | 11 +++++++++--
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/2.Common_services/5.Nginx/0_setup.py b/2.Common_services/5.Nginx/0_setup.py
index 0c197f40..9d09b74e 100644
--- a/2.Common_services/5.Nginx/0_setup.py
+++ b/2.Common_services/5.Nginx/0_setup.py
@@ -103,8 +103,15 @@ def setup(interactive=True):
         utils.log('/etc/hosts updated.')
     else:
         utils.log('/etc/hosts is already up to date.')
-    # Update certificate in ssl.conf
+    # Move ssl.conf
     ssl_conf = '/etc/nginx/conf.d/ssl.conf'
+    if os.path.exists(ssl_conf):
+        utils.run_commands([
+            'grep ssl_certificate /etc/nginx/conf.d/ssl.conf > /etc/nginx/conf.d/ssl_certificate.conf',
+            'mv /etc/nginx/conf.d/ssl.conf /etc/nginx/conf.d/ssl.conf.old',
+        ])
+    # Update certificate in ssl_certificate.conf
+    ssl_conf = '/etc/nginx/conf.d/ssl_certificate.conf'
     if not os.path.exists(ssl_conf):
         utils.log('The SSL configuration file "%s" does not exist, SSL certificate not updated.' % ssl_conf)
     else:
diff --git a/2.Common_services/7.LetsEncrypt/0_setup.py b/2.Common_services/7.LetsEncrypt/0_setup.py
index 4a299165..f234ead1 100644
--- a/2.Common_services/7.LetsEncrypt/0_setup.py
+++ b/2.Common_services/7.LetsEncrypt/0_setup.py
@@ -7,8 +7,15 @@ import utils
 
 
 def setup(interactive=True):
-    # Check if a custom SSL certificate is used
+    # Move ssl.conf
     ssl_conf = '/etc/nginx/conf.d/ssl.conf'
+    if os.path.exists(ssl_conf):
+        utils.run_commands([
+            'grep ssl_certificate /etc/nginx/conf.d/ssl.conf > /etc/nginx/conf.d/ssl_certificate.conf',
+            'mv /etc/nginx/conf.d/ssl.conf /etc/nginx/conf.d/ssl.conf.old',
+        ])
+    # Check if a custom SSL certificate is used
+    ssl_conf = '/etc/nginx/conf.d/ssl_certificate.conf'
     if not os.path.exists(ssl_conf):
         utils.log('The SSL configuration file "%s" does not exist, letsencrypt will not be used.' % ssl_conf)
         return
@@ -52,7 +59,7 @@ def setup(interactive=True):
         'certbot certonly --agree-tos --no-eff-email --rsa-key-size 4096 --webroot --webroot-path /tmp/letsencrypt --domains "%s" --email sysadmin@ubicast.eu' % (','.join(domains)),
     ]
     utils.run_commands(cmds)
-    # Update Nginx configuration in ssl.conf
+    # Update Nginx configuration in ssl_certificate.conf
     ssl_cert = '/etc/letsencrypt/live/%s/fullchain.pem' % domains[0]
     ssl_key = '/etc/letsencrypt/live/%s/privkey.pem' % domains[0]
     if not os.path.exists(ssl_cert):
-- 
GitLab