cleanup old certs in kvmd-gencert

scripts/kvmd-gencert

@@ -22,8 +22,9 @@
 
 
 set -e
+export LC_ALL=C
 
-if [ `whoami` != root ]; then
+if [ "$(whoami)" != root ]; then
 	echo "Only root can do that"
 	exit 1
 fi
@@ -36,28 +37,27 @@ if [ "$1" != --do-the-thing ]; then
 	exit 1
 fi
 
-target="nginx"
+target=nginx
 if [ "$2" == --vnc ]; then
-	target="vnc"
+	target=vnc
 fi
-
-# XXX: Why ECC?
-# https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it
-# https://www.digitalocean.com/community/tutorials/how-to-create-an-ecc-certificate-on-nginx-for-debian-8
-# https://msol.io/blog/tech/create-a-self-signed-ecc-certificate
+path="/etc/kvmd/$target/ssl"
 
 set -x
 
-export LC_ALL=C
-
-mkdir -p /etc/kvmd/$target/ssl
-cd /etc/kvmd/$target/ssl
+mkdir -p "$path"
+rm -f "$path"/*
+cd "$path"
 
+# XXX: Why ECC?
+#   - https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it
+#   - https://www.digitalocean.com/community/tutorials/how-to-create-an-ecc-certificate-on-nginx-for-debian-8
+#   - https://msol.io/blog/tech/create-a-self-signed-ecc-certificate
 openssl ecparam -out server.key -name prime256v1 -genkey
 openssl req -new -x509 -sha256 -nodes -key server.key -out server.crt -days 3650 \
 	-subj "/C=RU/ST=Moscow/L=Moscow/O=PiKVM/OU=PiKVM/CN=localhost"
 
-chown root:kvmd-$target /etc/kvmd/$target/ssl/*
-chmod 440 server.key
-chmod 444 server.crt
-chmod 755 /etc/kvmd/$target/ssl
+chown "root:kvmd-$target" "$path"/*
+chmod 440 "$path/server.key"
+chmod 444 "$path/server.crt"
+chmod 755 "$path"