X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/e45031ca0ddc8f9b7b9a7bae381650b3c9309a23..94bc2547691be970aac3d9a66e9d8d7fe8609e9a:/cookbooks/letsencrypt/templates/default/request.erb

diff --git a/cookbooks/letsencrypt/templates/default/request.erb b/cookbooks/letsencrypt/templates/default/request.erb
index 365b315a7..8bb2847ca 100644
--- a/cookbooks/letsencrypt/templates/default/request.erb
+++ b/cookbooks/letsencrypt/templates/default/request.erb
@@ -2,21 +2,24 @@
 
 # DO NOT EDIT - This file is being maintained by Chef
 
+if [ "$(id -un)" != "letsencrypt" ]; then
+    echo "Error: This script must be run as user letsencrypt" >&2
+    exit 1
+fi
+
 /usr/bin/certbot certonly \
     --non-interactive \
-    --preferred-chain "DST Root CA X3" \
     --config-dir /srv/acme.openstreetmap.org/config \
     --work-dir /srv/acme.openstreetmap.org/work \
     --logs-dir /srv/acme.openstreetmap.org/logs \
     --email operations@osmfoundation.org \
     --agree-tos \
     --expand \
+    --renew-with-new-domains \
+    --cert-name <%= @domains.first %> \
 <% @domains.each do |domain| -%>
     --domain <%= domain %> \
 <% end -%>
     --webroot \
-    --webroot-path /srv/acme.openstreetmap.org/html
-
-/srv/acme.openstreetmap.org/bin/upload \
-    <%= @domains.first %> \
-    /srv/acme.openstreetmap.org/config/live/<%= @domains.first %>
+    --webroot-path /srv/acme.openstreetmap.org/html \
+    --deploy-hook /srv/acme.openstreetmap.org/bin/deploy-hook