myron b60db8a0d0 Initial infrastructure: NPM + Mailcow on Proxmox
- VM 200: Nginx Proxy Manager (10.48.200.80)
- VM 201: Mailcow email server (10.48.200.82)
- Cloud-init automation for both VMs
- FortiGate VIP/policy documentation
- DNS records for web.orbishosting.com
- NPM proxy host setup guide
- Mailcow post-install checklist
- Cert sync script (NPM → Mailcow)

External IP: 97.176.15.26
2026-04-23 04:37:56 +00:00


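#!/bin/bash
# Sync SSL certificates from NPM to Mailcow.
# Run on the NPM VM (10.48.200.80) via cron after cert renewal.
#
# Cron entry (on NPM VM): 0 3 * * * /opt/sync-certs.sh
#
# Prerequisites:
# 1. SSH key from NPM VM to Mailcow VM is set up (no password needed).
#    Run on NPM VM:     ssh-keygen -t ed25519 -f ~/.ssh/mailcow_sync
#    Run on Mailcow VM: echo "<pub key>" >> ~/.ssh/authorized_keys
#    MAILCOW_SSH_KEY below points at /root/.ssh, so the key has to be
#    generated by root and the cron job has to run as root on the NPM VM.
#    This key can overwrite the mail server's TLS private key and run
#    `sudo docker compose` on the Mailcow VM, so keep it dedicated to this
#    job; prefixing the authorized_keys entry with from="10.48.200.80"
#    limits the source address it is accepted from.
#
# 2. The Mailcow host key is already in known_hosts for the user running this
#    script. ssh/scp run with BatchMode, so an unknown or changed host key
#    makes the run fail instead of waiting on a prompt.
#
# 3. DOMAIN below matches the cert folder in NPM's letsencrypt directory.
#
# NOTE(review): every run restarts the Mailcow services, whether or not the
# certificate changed; with the daily cron entry above that is one restart
# per day.

set -euo pipefail

DOMAIN="mail.web.orbishosting.com"
MAILCOW_HOST="10.48.200.82"
MAILCOW_USER="ubuntu"
MAILCOW_SSH_KEY="/root/.ssh/mailcow_sync"
NPM_CERT_DIR="/opt/npm/letsencrypt/live/${DOMAIN}"
MAILCOW_CERT_DIR="/opt/mailcow-dockerized/data/assets/ssl"

# Shared ssh/scp options. BatchMode disables password and host-key prompts so
# an unattended cron run fails fast; ConnectTimeout bounds an unreachable host.
# Host key checking is deliberately left at its default.
SSH_OPTS=(-i "${MAILCOW_SSH_KEY}" -o BatchMode=yes -o ConnectTimeout=15)

# Check that BOTH files exist before copying anything. If only the chain were
# checked, a missing privkey.pem would abort after cert.pem had already been
# replaced, leaving Mailcow with a certificate that does not match its key.
for pem in fullchain.pem privkey.pem; do
  if [ ! -f "${NPM_CERT_DIR}/${pem}" ]; then
    echo "ERROR: ${pem} not found in ${NPM_CERT_DIR}" >&2
    echo "Make sure the NPM proxy host for ${DOMAIN} has an active SSL cert." >&2
    exit 1
  fi
done

echo "Syncing certs for ${DOMAIN} to Mailcow at ${MAILCOW_HOST}..."

# Copy certs to Mailcow under the fixed names used in MAILCOW_CERT_DIR.
scp "${SSH_OPTS[@]}" \
  "${NPM_CERT_DIR}/fullchain.pem" \
  "${MAILCOW_USER}@${MAILCOW_HOST}:${MAILCOW_CERT_DIR}/cert.pem"

# NOTE(review): scp keeps the mode of an existing destination file; confirm
# key.pem on the Mailcow VM is not readable by other local users.
scp "${SSH_OPTS[@]}" \
  "${NPM_CERT_DIR}/privkey.pem" \
  "${MAILCOW_USER}@${MAILCOW_HOST}:${MAILCOW_CERT_DIR}/key.pem"

# Reload Mailcow services that use the cert. set -e stops the script before
# this point if either copy failed, so services never restart on a half sync.
ssh "${SSH_OPTS[@]}" "${MAILCOW_USER}@${MAILCOW_HOST}" \
  "cd /opt/mailcow-dockerized && sudo docker compose restart postfix-mailcow dovecot-mailcow nginx-mailcow"

echo "Done. Certs synced and Mailcow services restarted."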