Update regenerate_certificate.md

regenerate_certificate.md

@@ -1,6 +1,6 @@
 # Regenerate certificate
 
-If you want to generate again -- not renewing -- a certificate for domain, you can follow those steps: 
+If you want to generate again -- not renewing -- a certificate for a domain, you can follow those steps: 
 
 (replace **example.org** with your domain)
 
@@ -8,33 +8,36 @@ If you want to generate again -- not renewing -- a certificate for domain, you c
 # Save YunoHost's SSL directory location for readability
 ssldir=/usr/share/yunohost/yunohost-config/ssl/yunoCA
 
-# Backup current certificates for your domain
-cp -a /etc/yunohost/certs/example.org /etc/yunohost/certs/example.org.back
-
-# Remove certs and configuration file in it
-rm /etc/yunohost/certs/example.org/{crt.pem,key.pem,openssl.cnf}
-
-# Copy openSSL's configuration file
-cp $ssldir/openssl.cnf /etc/yunohost/certs/
+# Save the final SSL path (do not forget to change your domain)
+finalpath=/etc/yunohost/certs/example.org
 
 # Save the serial number of the new certificate
 serial=$(cat "$ssldir/serial")
 
+# Backup current certificates for your domain
+cp -a $finalpath $finalpath.back
+
+# Remove certs and configuration file in it
+rm $finalpath/{crt.pem,key.pem,openssl.cnf}
+
+# Copy openSSL's configuration file
+cp $ssldir/openssl.cnf $finalpath/
+
 # Generate certificate and key
-openssl req -new -config /etc/yunohost/certs/openssl.cnf -days 3650 -out $ssldir/certs/yunohost_csr.pem -keyout $ssldir/certs/yunohost_key.pem -nodes -batch
+openssl req -new -config $finalpath/openssl.cnf -days 3650 -out $ssldir/certs/yunohost_csr.pem -keyout $ssldir/certs/yunohost_key.pem -nodes -batch
 
 # Sign certificate with your server's CA
-openssl ca -config /etc/yunohost/certs/openssl.cnf -days 3650 -in $ssldir/certs/yunohost_csr.pem -out $ssldir/certs/yunohost_crt.pem -batch
+openssl ca -config $finalpath/openssl.cnf -days 3650 -in $ssldir/certs/yunohost_csr.pem -out $ssldir/certs/yunohost_crt.pem -batch
 
 # Copy certificate and key to the right place
-cp $ssldir/newcerts/$serial.pem /etc/yunohost/certs/crt.pem
-cp $ssldir/certs/yunohost_key.pem /etc/yunohost/certs/key.pem
+cp $ssldir/newcerts/$serial.pem $finalpath/crt.pem
+cp $ssldir/certs/yunohost_key.pem $finalpath/key.pem
 
 # Fix permissions
-chmod 755 /etc/yunohost/certs
-chmod 640 /etc/yunohost/certs/key.pem /etc/yunohost/certs/crt.pem
-chmod 600 /etc/yunohost/certs/openssl.cnf
+chmod 755 $finalpath
+chmod 640 $finalpath/key.pem $finalpath/crt.pem
+chmod 600 $finalpath/openssl.cnf
 
 # Allow metronome to access those certificates
-chown root:metronome /etc/yunohost/certs/key.pem /etc/yunohost/certs/crt.pem
+chown root:metronome $finalpath/key.pem $finalpath/crt.pem
 ```