remove ssl staging

2025-07-03 10:25:50 -05:00 · 2025-07-03 10:25:50 -05:00 · 438d8cb34c
commit 438d8cb34c
parent e035db829f
4 changed files with 57 additions and 3 deletions
--- a/README.letsencrypt.md
+++ b/README.letsencrypt.md
@ -18,7 +18,26 @@ This repository has been configured to automatically obtain and renew SSL certif
   Additionally, modify if needed:
   - `domains` - The domain(s) you want certificates for
   - `rsa_key_size` - The RSA key size (default: 4096)
-   - Remove the `--staging` flag after you've verified everything works
+   - The `stagingflag` variable has been set to empty string to use production certificates
+
+   **Note:** When switching from staging to production certificates, you'll need to completely remove the existing certificates. You can use the included cleanup script:
+
+   ```bash
+   chmod +x cleanup-certificates.sh
+   ./cleanup-certificates.sh
+   ```
+
+   Or manually clean up with:
+   ```bash
+   docker-compose down
+   rm -rf ./data/certbot/conf/live
+   rm -rf ./data/certbot/conf/archive
+   rm -rf ./data/certbot/conf/renewal
+   mkdir -p ./data/certbot/conf
+   docker-compose up -d
+   ```
+
+   **Important:** Ensure you've set `stagingflag=""` in the init-letsencrypt.sh script before running this cleanup.

 2. **Directory Structure**

--- a/cleanup-certificates.sh
+++ b/cleanup-certificates.sh
@ -0,0 +1,19 @@
+#!/bin/bash
+
+# This script will clean up all certificates and start fresh
+echo "Stopping containers..."
+docker-compose down
+
+echo "Removing certificate data..."
+rm -rf ./data/certbot/conf/live
+rm -rf ./data/certbot/conf/archive
+rm -rf ./data/certbot/conf/renewal
+
+echo "Ensuring directory structure exists..."
+mkdir -p ./data/certbot/conf
+mkdir -p ./data/certbot/www
+
+echo "Starting containers to obtain fresh certificates..."
+docker-compose up -d
+
+echo "Done! Check the logs with: docker-compose logs sessionzero"
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@ -1,6 +1,17 @@
 #!/bin/bash
 set -e

+# Check for staging certificates
+if [ -f /etc/letsencrypt/live/web.sessionzero.app/cert.pem ]; then
+    # Check if it's a staging certificate
+    if grep -q "STAGING" /etc/letsencrypt/live/web.sessionzero.app/cert.pem; then
+        echo "Staging certificate detected. Cleaning up for production certificate..."
+        rm -rf /etc/letsencrypt/live/web.sessionzero.app
+        rm -rf /etc/letsencrypt/archive/web.sessionzero.app
+        rm -f /etc/letsencrypt/renewal/web.sessionzero.app.conf
+    fi
+fi
+
 # Check if we have certificates already
 if [ ! -d /etc/letsencrypt/live/web.sessionzero.app ]; then
    echo "No certificates found, running init script..."
--- a/init-letsencrypt.sh
+++ b/init-letsencrypt.sh
@ -1,11 +1,16 @@
 #!/bin/bash

 domains=(web.sessionzero.app)
-email="" # Add your email for Let's Encrypt notifications
+email="chrisbell@bellsworne.com" # Replace with your actual email
 rsa_key_size=4096

 data_path="/etc/letsencrypt"
-stagingflag="--staging"
+stagingflag="" # Using production certificates
+
+echo "### Cleaning any existing certificate data..."
+rm -rf "$data_path/live/$domains"
+rm -rf "$data_path/archive/$domains"
+rm -f "$data_path/renewal/$domains.conf"

 echo "### Creating certificate directories..."
 mkdir -p "$data_path/www"