# =======================
#  SSL CERT UPDATE SCRIPT
# =======================
 
# Variables - customize as needed
DOMAIN="{{DOMAIN_GRAFANA}}"                     # your domain or identifier
CERT_DIR="{{CERT_DIR_NGINX}}"                  # folder where Nginx reads certs
NEW_CERT="{{PATH_NEW_CERT_PEM}}"               # new certificate file
NEW_KEY="{{PATH_NEW_CERT_KEY}}"                # new private key file
 
# Step 0: Create backup folder with timestamp
BACKUP_DIR="$CERT_DIR/backup_$(date +%F_%H%M)"
sudo mkdir -p "$BACKUP_DIR"
 
# Step 1: Backup existing certs
sudo cp "$CERT_DIR/server.crt" "$BACKUP_DIR/"
sudo cp "$CERT_DIR/server.key" "$BACKUP_DIR/"
 
# Step 2: Copy new certs
sudo cp "$NEW_CERT" "$CERT_DIR/server.crt"
sudo cp "$NEW_KEY" "$CERT_DIR/server.key"
 
# Step 3: Set permissions
sudo chmod 644 "$CERT_DIR/server.crt"
sudo chmod 600 "$CERT_DIR/server.key"
sudo chown root:root "$CERT_DIR/"*
 
# Step 4: Test Nginx config
sudo nginx -t && echo "Nginx config is OK ✅" || echo "Nginx config has errors ❌"
 
# Step 5: Reload Nginx
sudo systemctl reload nginx && echo "Nginx reloaded ✅"

openssl s_client -connect {{DOMAIN_GRAFANA}}:443 -servername {{DOMAIN_GRAFANA}}