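#!/bin/bash
# Sync SSL certificates from NPM to Mailcow
# Run on the NPM VM (10.48.200.80) via cron after cert renewal
#
# Cron entry (on NPM VM):   0 3 * * * /opt/sync-certs.sh
#
# Prerequisites:
#   1. SSH key from NPM VM to Mailcow VM is set up (no password needed).
#      The script reads the key from MAILCOW_SSH_KEY below (a root-owned
#      path), so it is expected to run as root from root's crontab.
#        Run on NPM VM:     ssh-keygen -t ed25519 -f ~/.ssh/mailcow_sync
#        Run on Mailcow VM: echo "<contents of mailcow_sync.pub>" >> ~/.ssh/authorized_keys
#      The Mailcow host must already be present in the NPM VM's known_hosts
#      (connect once interactively); the non-interactive ssh/scp calls below
#      refuse to prompt and fail instead.
#   2. DOMAIN below matches the cert folder in NPM's letsencrypt directory.
#
# Exit status: 0 on success; 1 if the source cert/key is missing; otherwise
# the status of the failing scp/ssh step (set -e aborts on the first failure).

set -euo pipefail

readonly DOMAIN="mail.web.orbishosting.com"
readonly MAILCOW_HOST="10.48.200.82"
readonly MAILCOW_USER="ubuntu"
readonly MAILCOW_SSH_KEY="/root/.ssh/mailcow_sync"
readonly NPM_CERT_DIR="/opt/npm/letsencrypt/live/${DOMAIN}"
readonly MAILCOW_CERT_DIR="/opt/mailcow-dockerized/data/assets/ssl"

# Shared SSH options: never block a cron run on a password or host-key
# prompt. Host-key checking itself stays at the default (strict).
readonly -a SSH_OPTS=(-i "${MAILCOW_SSH_KEY}" -o BatchMode=yes)

# Both files are needed; checking only fullchain.pem would let the script
# copy the cert and then die on the key, leaving Mailcow with a mismatched pair.
for required in fullchain.pem privkey.pem; do
  if [[ ! -f "${NPM_CERT_DIR}/${required}" ]]; then
    printf 'ERROR: %s not found at %s\n' "${required}" "${NPM_CERT_DIR}" >&2
    printf 'Make sure the NPM proxy host for %s has an active SSL cert.\n' "${DOMAIN}" >&2
    exit 1
  fi
done

printf 'Syncing certs for %s to Mailcow at %s...\n' "${DOMAIN}" "${MAILCOW_HOST}"

# Copy certs to Mailcow
scp "${SSH_OPTS[@]}" -- \
  "${NPM_CERT_DIR}/fullchain.pem" \
  "${MAILCOW_USER}@${MAILCOW_HOST}:${MAILCOW_CERT_DIR}/cert.pem"
scp "${SSH_OPTS[@]}" -- \
  "${NPM_CERT_DIR}/privkey.pem" \
  "${MAILCOW_USER}@${MAILCOW_HOST}:${MAILCOW_CERT_DIR}/key.pem"

# Tighten the private key's mode before restarting: scp creates the remote
# file with the remote user's umask (typically 0644), which would leave the
# key readable by every local account on the Mailcow VM. Then reload the
# Mailcow services that use the cert.
ssh "${SSH_OPTS[@]}" "${MAILCOW_USER}@${MAILCOW_HOST}" \
  "sudo chmod 0600 '${MAILCOW_CERT_DIR}/key.pem' && \
   cd /opt/mailcow-dockerized && \
   sudo docker compose restart postfix-mailcow dovecot-mailcow nginx-mailcow"

printf 'Done. Certs synced and Mailcow services restarted.\n'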