
We can no longer use OCSP stapling and Must-Staple. These will soon be obsolete once the `shortlived` profile is available for public use, since it will provide certificates with a lifetime similar to that of OCSP responses. In the meantime, we've moved to the `tlsserver` profile, which strips legacy features, to prepare for the `shortlived` profile, which will be identical to `tlsserver` but with a validity period of 6 days.
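#!/bin/bash
#
# Copy this host's /etc/letsencrypt tree to each replica and reload nginx on it
# (presumably so nginx picks up renewed certificates).
#
# A failure on one replica does not stop the remaining deployments; the script
# exits 1 if any replica failed to sync or reload, 0 otherwise.

set -o errexit -o nounset -o pipefail

status=0
replicas=({1..3}.grapheneos.org)

for replica in "${replicas[@]}"; do
  printf '\nDeploying to %s\n\n' "$replica"

  # rsync flags:
  #   -r / -l        recurse, and copy symlinks as symlinks
  #   -p             keep the source permission bits; /etc/letsencrypt normally
  #                  holds TLS private keys, so the restrictive modes must
  #                  survive the copy
  #   -c             compare by checksum instead of size and mtime
  #   --delete       remove remote files that no longer exist locally
  #   --fsync        fsync every written file
  #   --preallocate  allocate destination files before writing them
  #
  # NOTE(review): the rsync destination carries no user@ prefix, so it logs in
  # as whatever user ssh resolves by default, while the reload below is
  # explicitly root@ - confirm both are meant to use the same account.
  #
  # Both connections rely on the caller's ssh host key verification settings;
  # this script does not override them.
  #
  # nginx is reloaded only when the sync succeeded, so a replica is never
  # told to reload on top of a transfer that rsync reported as failed.
  if ! {
    rsync -rpcvl --delete --fsync --preallocate \
      /etc/letsencrypt/ "$replica:/etc/letsencrypt" &&
      ssh "root@$replica" nginx -s reload
  }; then
    # Name the failing replica on stderr; the exit code alone cannot.
    printf 'error: deployment to %s failed\n' "$replica" >&2
    status=1
  fi
done

exit "$status"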