[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+interactive=false
case $1 in
# For first run, accept host key. Note, known_hosts is saved in /p.
-1)
opt=(-e 'ssh -oStrictHostKeyChecking=no')
+ shift
+ ;;
+ -i)
+ interactive=true
+ shift
;;
esac
source $f
fi
+try() {
+ local ret=0
+ "$@" || ret=$?
+ if $interactive && (( ret >=1 )); then
+ echo "$0: ERROR: exit $ret on: $*"
+ fi
+}
+
+# note: when certificate is expired, you will get this in /var/log/mail.log when k-9 mail tries to fetch:
+# imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: SSL alert number 46 (no auth attempts in 0 secs): user=<>, rip=redacted, lip=10.8.0.4, TLS handshaking: SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: SSL alert number 46, session=<EsdzzmAWosNKXpza
+
case $HOSTNAME in
$MAIL_HOST|bk)
# ||: is to allow for temporary connection issues.
- rsync "${opt[@]}" -ogtL --chown=root:Debian-exim --chmod=640 \
- root@li.iankelling.org:/etc/letsencrypt/live/mail.iankelling.org/{fullchain.pem,privkey.pem} /etc/exim4 ||:
+ try rsync "${opt[@]}" -ogtL --chown=root:Debian-exim --chmod=640 \
+ root@li.iankelling.org:/etc/letsencrypt/live/mail.iankelling.org/{fullchain.pem,privkey.pem} /etc/exim4
if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/fullchain.pem; then
echo "$0: error!: cert rsync failed and it will expire in less than 3 days"
exit 1