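#!/bin/bash

# Regenerate the LND TLS certificate and key.
#
# Steps: stop the lnd service, move the current tls.cert/tls.key aside as
# *.old, run lnd once in the background so it writes a new pair, poll for the
# new files (60 checks, 2 s apart), stop that temporary lnd instance, then fix
# mode/ownership of the new certificate and make sure the symlink exists.
#
# Exits 1 if the old files could not be moved away or no new pair appears.

lnd_dir="/mnt/hdd/lnd"
lnd_bin="/usr/local/bin/lnd"
max_checks=60

# stop services
echo "making sure services are not running"
sudo systemctl stop lnd 2>/dev/null

echo "keep old tls data as backup"
# mv keeps the existing mode/owner, so tls.key.old still holds the previous
# private key on disk with whatever permissions it had.
sudo mv "${lnd_dir}/tls.cert" "${lnd_dir}/tls.cert.old"
sudo mv "${lnd_dir}/tls.key" "${lnd_dir}/tls.key.old"

# If either file is still in place the wait loop below would find the OLD
# material immediately and report it as fresh, so stop here instead.
if sudo test -e "${lnd_dir}/tls.cert" || sudo test -e "${lnd_dir}/tls.key"; then
  echo "FAIL - was not able to move old LND certs away"
  exit 1
fi

echo "let lnd generate new TLSCert"
sudo -u bitcoin "${lnd_bin}" &>/dev/null &

echo "wait until generated"
newCertExists=0
count=0
while [ "${newCertExists}" -eq 0 ]; do
  count=$((count + 1))
  # Check the limit before printing so the counter never shows 61/60.
  if [ "${count}" -gt "${max_checks}" ]; then
    echo "FAIL - was not able to generate new LND certs"
    # Do not leave the temporary lnd instance started above running.
    sudo killall "${lnd_bin}" 2>/dev/null
    exit 1
  fi
  echo "(${count}/${max_checks}) check for cert"
  # Both files were moved away above, so wait for both to come back and to be
  # non-empty; test(1) replaces the former `ls | grep -c '.cert'` parsing.
  if sudo test -s "${lnd_dir}/tls.cert" && sudo test -s "${lnd_dir}/tls.key"; then
    newCertExists=1
  fi
  sleep 2
done

# The temporary lnd instance was only needed to write the new files.
sudo killall "${lnd_bin}"

# Only the certificate is made group-writable/world-readable here; tls.key is
# left with the mode lnd created it with.
sudo chmod 664 "${lnd_dir}/tls.cert"
sudo chown bitcoin:bitcoin "${lnd_dir}/tls.cert"

echo "symlink new cert to lnd app-data directory"
# NOTE(review): the check and the rm look at /mnt/hdd/app-data/lnd/tls.cert,
# but the link is created at /home/admin/.lnd/tls.cert. Confirm which location
# is intended; as written, ln fails if /home/admin/.lnd/tls.cert already exists.
if ! [[ -L "/mnt/hdd/app-data/lnd/tls.cert" ]]; then
  sudo rm -rf "/mnt/hdd/app-data/lnd/tls.cert" # not a symlink.. delete it silently
  sudo ln -s "${lnd_dir}/tls.cert" /home/admin/.lnd/tls.cert # and create symlink
fi

echo "OK TLS certs are fresh"

# ToDo(frennkie) why doesn't this start lnd again? - I assume as _background will start it anyway?!

# ToDo(frennkie) the way LND generates the x509 certificate is not ideal -
# it may be better to simply run openssl and create a cert with our settings...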