regenerate postfix cert script

regenerate-mail-cert.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+
+set -x
+set -e
+
+domain="$1"
+passphrase_file="${domain}.passphrase"
+key_file="${domain}.key"
+csr_file="${domain}.csr"
+cert_file="${domain}.crt"
+key_nopass_file="${domain}.nopass.key"
+ca_key_file="${domain}.ca.key"
+ca_cert_file="${domain}.ca.crt"
+postfix_dir="/etc/postfix/${domain}"
+
+head -c 36 /dev/urandom | base64 >"$passphrase_file"
+
+openssl genrsa -aes128 -passout "file:$passphrase_file" -out "$key_file" 2048
+openssl req -new -key "$key_file" -out "$csr_file" -passin "file:$passphrase_file" \
+  -subj "/CN=$domain/O=Shanti Chellaram/C=US/ST=New York/L=New York"
+
+openssl x509 -req -days 365 -in "$csr_file" -signkey "$key_file" -out "$cert_file" -passin "file:$passphrase_file"
+
+openssl rsa -passin "file:$passphrase_file" -in "$key_file" -out "$key_nopass_file"
+
+openssl req -new -x509 -extensions v3_ca -keyout "$ca_key_file" -out "$ca_cert_file" -days 3650 -passout "file:$passphrase_file"\
+  -subj "/CN=$domain/O=Shanti Chellaram/C=US/ST=New York/L=New York"
+
+chmod 0600 "$key_file" "$key_nopass_file" "$ca_key_file"
+
+mkdir "$postfix_dir"
+chmod 0700 "$postfix_dir"
+
+cp "$key_nopass_file" "$cert_file" "$ca_cert_file" "$postfix_dir"
+
+chown -R postfix:postfix "$postfix_dir"
+
+#client options
+postconf -e 'smtp_use_tls = yes'
+postconf -e 'smtp_tls_note_starttls_offer = yes'
+
+#server options
+postconf -e 'smtpd_use_tls = yes'
+postconf -e "smtpd_tls_key_file = ${postfix_dir}/${key_nopass_file}"
+postconf -e "smtpd_tls_cert_file = ${postfix_dir}/${cert_file}"
+postconf -e "smtpd_tls_CAfile = ${postfix_dir}/${ca_cert_file}"
+
+postconf -e 'smtpd_tls_loglevel = 1'
+postconf -e 'smtpd_tls_received_header = yes'
+postconf -e 'mydomain = shanti.im'
+postconf -e 'myhostname = mail.shanti.im'
+
+rc-service postfix restart