X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/852e345dc7c1b6fb6f8209546830d7b15b98954c..94bc2547691be970aac3d9a66e9d8d7fe8609e9a:/cookbooks/letsencrypt/templates/default/request.erb?ds=sidebyside

diff --git a/cookbooks/letsencrypt/templates/default/request.erb b/cookbooks/letsencrypt/templates/default/request.erb
index eaefa5bbe..8bb2847ca 100644
--- a/cookbooks/letsencrypt/templates/default/request.erb
+++ b/cookbooks/letsencrypt/templates/default/request.erb
@@ -2,6 +2,11 @@
 
 # DO NOT EDIT - This file is being maintained by Chef
 
+if [ "$(id -un)" != "letsencrypt" ]; then
+    echo "Error: This script must be run as user letsencrypt" >&2
+    exit 1
+fi
+
 /usr/bin/certbot certonly \
     --non-interactive \
     --config-dir /srv/acme.openstreetmap.org/config \
@@ -10,12 +15,11 @@
     --email operations@osmfoundation.org \
     --agree-tos \
     --expand \
+    --renew-with-new-domains \
+    --cert-name <%= @domains.first %> \
 <% @domains.each do |domain| -%>
     --domain <%= domain %> \
 <% end -%>
     --webroot \
-    --webroot-path /srv/acme.openstreetmap.org/html
-
-/srv/acme.openstreetmap.org/bin/upload \
-    <%= @domains.first %> \
-    /srv/acme.openstreetmap.org/config/live/<%= @domains.first %>
+    --webroot-path /srv/acme.openstreetmap.org/html \
+    --deploy-hook /srv/acme.openstreetmap.org/bin/deploy-hook