X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=mail-cert-cron;h=99563a98ad4a61b12c19b7b33545a07554c33789;hb=2c39d0edb4d64c34356b8d5d6b65a25ee7aab040;hp=cee75684887c76bd2413cc1abb3bd45003cf5746;hpb=b18dade73dedfe69aa741f8417947d83c4208f2d;p=distro-setup

diff --git a/mail-cert-cron b/mail-cert-cron
index cee7568..99563a9 100755
--- a/mail-cert-cron
+++ b/mail-cert-cron
@@ -5,7 +5,7 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 
 case $1 in
-  # for first run, accept host key
+  # For first run, accept host key. Note, known_hosts is saved in /p.
   -1)
     opt=(-e 'ssh -oStrictHostKeyChecking=no')
     ;;
@@ -20,7 +20,7 @@ case $HOSTNAME in
   $MAIL_HOST|bk)
     local_mx=mail.iankelling.org
     # ||: is to allow for temporary connection issues.
-    rsync ${opt[@]} -ogtL --chown=root:Debian-exim --chmod=640 \
+    rsync "${opt[@]}" -ogtL --chown=root:Debian-exim --chmod=640 \
           root@li.iankelling.org:/etc/letsencrypt/live/mail.iankelling.org/{fullchain.pem,privkey.pem} /etc/exim4 ||:
     if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/fullchain.pem; then
       echo "$0: error!: cert rsync failed and it will expire in less than 3 days"