stop nginx and retrieve letsencrypt cert

2016-02-11 01:37:00 +05:30 · 2016-02-11 01:37:00 +05:30 · b42334ad96
commit b42334ad96
parent 1babca66f4
2 changed files with 10 additions and 3 deletions
--- a/debian/gitlab.templates
+++ b/debian/gitlab.templates
@ -25,7 +25,8 @@ _Description: Enable https?
 (startssl.com) or WoSign (buy.wosign.com/free) offer free SSL certificates.
 .
 letsencrypt package may be used to automate interaction with Let’s Encrypt to
- obtain a certificate.
+ obtain a certificate. Nginx must be reloaded after the certificate and key
+ files are made available at /etc/gitlab/ssl.

 Template: gitlab/letsencrypt
 Type: boolean
@ -38,5 +39,6 @@ _Description: Use Let's Encrypt?
 Otherwise, certificate and key files have to be placed manually to
 /etc/gitlab/ssl directory as 'gitlab.crt' and 'gitlab.key'.
 .
- Nginx must be reloaded after the certificate and key files are made available
- at /etc/gitlab/ssl.
+ Nginx will be stopped, if this option is selected, to allow letsencrypt to use
+ ports 80 and 443 during domain ownership validation and certificate retrieval
+ step.
--- a/debian/postinst
+++ b/debian/postinst
@ -86,6 +86,9 @@ case "$1" in
          /etc/gitlab/ssl/gitlab.crt
          ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem \
          /etc/gitlab/ssl/gitlab.key
+	  # Port 80 and 443 should be available for letsencrypt
+	  invoke-rc.d nginx stop
+	  letsencrypt -d ${GITLAB_HOST} certonly
        fi
      fi

@ -98,6 +101,8 @@ case "$1" in
        echo "nginx example configuration file not found"
        exit 1
      fi
+      # Start nginx
+      invoke-rc.d nginx start
    else
      echo "Failed to retrieve fully qualified domain name"
      exit 1