Fixes renewing let's encrypt certificates when using jetty.

Uses webroot for obtaining certificate, avoids stopping jitsi-videobridge before obtaining certificate.
Adds a renew hook, where we reload apache or nginx and try to graceful shutdown jvb and restart it.
Before merging this we need to make sure graceful shutdown is enabled by default and also pubsub is enabled by default so after restarting jvb, jicofo will discover it.

resources/install-letsencrypt-cert.sh

@@ -30,7 +30,7 @@ fi
 
 CRON_FILE="/etc/cron.weekly/letsencrypt-renew"
 echo "#!/bin/bash" > $CRON_FILE
-echo "/usr/local/sbin/certbot-auto renew >> /var/log/le-renew.log" >> $CRON_FILE
+echo "/usr/local/sbin/certbot-auto --renew-hook '/usr/share/jitsi-meet/scripts/renew-letsencrypt-cert.sh' renew >> /var/log/le-renew.log" >> $CRON_FILE
 
 CERT_KEY="/etc/letsencrypt/live/$DOMAIN/privkey.pem"
 CERT_CRT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
@@ -54,7 +54,6 @@ if [ -f /etc/nginx/sites-enabled/$DOMAIN.conf ] ; then
     sed -i "s/ssl_certificate\ \/etc\/jitsi\/meet\/.*crt/ssl_certificate\ $CERT_CRT_ESC/g" \
         $CONF_FILE
 
-    echo "service nginx reload" >> $CRON_FILE
     service nginx reload
 
 elif [ -f /etc/apache2/sites-enabled/$DOMAIN.conf ] ; then
@@ -76,13 +75,11 @@ elif [ -f /etc/apache2/sites-enabled/$DOMAIN.conf ] ; then
     sed -i "s/SSLCertificateFile\ \/etc\/jitsi\/meet\/.*crt/SSLCertificateFile\ $CERT_CRT_ESC/g" \
         $CONF_FILE
 
-    echo "service apache2 reload" >> $CRON_FILE
     service apache2 reload
 else
-    service jitsi-videobridge stop
 
     ./certbot-auto certonly --noninteractive \
-    --standalone \
+    --webroot --webroot-path /usr/share/jitsi-meet \
     -d $DOMAIN \
     --agree-tos --email $EMAIL
 
@@ -97,7 +94,14 @@ else
         -srckeystore $CERT_P12 -srcstoretype pkcs12 \
         -noprompt -storepass changeit -srcstorepass changeit
 
-    service jitsi-videobridge start
+    PIDFILE=/var/run/jitsi-videobridge.pid
+    if [ -f $PIDFILE ]; then
+        PID=$(cat $PIDFILE)
+
+        /usr/share/jitsi-videobridge/graceful_shutdown.sh $PID || true
+    fi
+
+    service jitsi-videobridge restart
 
 fi
 

resources/renew-letsencrypt-cert.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+set -e
+
+#
+# This script is executed once a Let’s Encrypt certificate had been renewed
+# we reload web servers or in case of jetty we restart jvb
+# In future we need to implement reloading jvb, which will reload the jetty
+#
+
+DEB_CONF_RESULT=`debconf-show jitsi-meet-web-config | grep jvb-hostname`
+DOMAIN="${DEB_CONF_RESULT##*:}"
+# remove whitespace
+DOMAIN="$(echo -e "${DOMAIN}" | tr -d '[:space:]')"
+
+if [ -f /etc/nginx/sites-enabled/$DOMAIN.conf ] ; then
+    service nginx reload
+elif [ -f /etc/apache2/sites-enabled/$DOMAIN.conf ] ; then
+    service apache2 reload
+else
+    PIDFILE=/var/run/jitsi-videobridge.pid
+    if [ -f $PIDFILE ]; then
+        PID=$(cat $PIDFILE)
+
+        /usr/share/jitsi-videobridge/graceful_shutdown.sh $PID || true
+    fi
+
+    service jitsi-videobridge restart
+fi