hakurei.app/certbot-replicate
Daniel Micay 298c357bc9 handle Let's Encrypt removing OCSP support
We can no longer use OCSP stapling and Must-Staple. These will soon be
obsolete once the `shortlived` profile is available for public use since
it will provide certificates with a similar lifetime as OCSP responses.

In the meantime, we've moved to the `tlsserver` profile stripping legacy
features to prepare for the `shortlived` profile which will be identical
to `tlsserver` but with a validity period of 6 days.
2025-05-04 23:46:56 -04:00

19 lines
355 B
Bash
Executable File

#!/bin/bash
set -o errexit -o nounset -o pipefail
status=0
replicas=({1..3}.grapheneos.org)
for replica in ${replicas[@]}; do
echo
echo Deploying to $replica
echo
rsync -rpcvl --delete --fsync --preallocate /etc/letsencrypt/ $replica:/etc/letsencrypt &&
ssh root@$replica nginx -s reload ||
status=1
done
exit $status