letsencrypt: Update r3 certificate

[shutils.git] / letsencrypt / renewal.sh

diff --git a/letsencrypt/renewal.sh b/letsencrypt/renewal.sh
index e6a4658f8b39c89759437b6d0bd253aa1055fc8e..1e2e11e96f44ef86078b8dc7f673323f8c570a66 100644 (file)
--- a/letsencrypt/renewal.sh
+++ b/letsencrypt/renewal.sh
@@ -13,8 +13,8 @@ PORT80=$(lsof -ti :80 | wc -l)
 if [ $PORT80 = 0 ]; then
   cd /var/www/challenges
   nohup python3 -m http.server 80 > /dev/null 2>&1 &
-  iptables -A INPUT -i venet0 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-  ip6tables -A INPUT -i venet0 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
+  /usr/sbin/iptables -A INPUT -i venet0 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
+  /usr/sbin/ip6tables -A INPUT -i venet0 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
 fi
 
 
@@ -26,7 +26,7 @@ for i in `seq 1 3`; do
        > signed_new.crt 2>> ${LOGFILE}
   then
 
-    wget -q -O chain_new.pem https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem
+    wget -q -O chain_new.pem https://letsencrypt.org/certs/lets-encrypt-r3.pem
 
     # Check that the cert is valid.
     if openssl verify -CAfile chain_new.pem signed_new.crt; then
@@ -55,7 +55,7 @@ done
 
 # Stop temp web server and close port 80 if needed.
 if [ $PORT80 = 0 ]; then
-  iptables -D INPUT -i venet0 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-  ip6tables -D INPUT -i venet0 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
+  /usr/sbin/iptables -D INPUT -i venet0 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
+  /usr/sbin/ip6tables -D INPUT -i venet0 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
   pkill -f http.server
 fi