#!/bin/sh
# dehydrated hook script
# based on https://github.com/lukas2511/dehydrated/wiki/example-dns-01-nsupdate-script

# errexit + nounset: stop at the first failing command or unset variable, so a
# certificate/key deployment that goes wrong halfway does not carry on and
# reload a service.
set -o errexit -o nounset
5 | ||
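# Atomically replace a file with the concatenation of other files.
#
# Arguments: $1   - destination file
#            $2.. - input files, concatenated in the order given
#
# The new content is staged in "$1.new". That file is created empty and
# restricted to mode 600 *before* any data is written, so private-key material
# is never readable by other users while it is being staged. The previous
# content (if any) is kept as "$1.dehydrated~", then the staged file is renamed
# over the destination.
#
# NOTE: because the staged file replaces the destination, the destination ends
# up with mode 600 and the invoking user's ownership, whatever it had before.
# The backup copy may also contain a private key; treat it like the original.
atomic_concat() {
	local file="$1"; shift
	: > "$file.new"
	chmod 600 "$file.new"
	cat "$@" > "$file.new"
	# Only back up an existing destination: a failing cp would abort the script
	# under "set -e" and leave the staged ".new" file behind.
	if [ -e "$file" ]; then
		cp -f "$file" "$file.dehydrated~"
	fi
	mv -f "$file.new" "$file"
}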
15 | ||
# Install the renewed certificate for lighttpd and reload the service.
#
# Globals: FULLCHAINCERT, PRIVKEY (read) - paths set by the deploy_cert hook
#
# Does nothing unless /usr/sbin/lighttpd is executable and
# /etc/lighttpd/server.pem already exists. The PEM written here is the full
# chain followed by the private key, so it is as sensitive as the key itself.
lighttpd_reload() {
	if [ -x /usr/sbin/lighttpd ] && [ -f /etc/lighttpd/server.pem ]; then
		echo " + Hook: Overwritting /etc/lighttpd/server.pem and reloading lighttpd..."
		atomic_concat /etc/lighttpd/server.pem "$FULLCHAINCERT" "$PRIVKEY"
		/sbin/service lighttpd reload
	fi
}
25 | ||
# Install the renewed certificate for haproxy and reload the service.
#
# Globals: FULLCHAINCERT, PRIVKEY (read) - paths set by the deploy_cert hook
#
# Skipped when /usr/sbin/haproxy is not executable or /etc/haproxy/server.pem
# does not exist yet. The PEM is the full chain followed by the private key,
# so it must stay as protected as the key. Note the message says "restarting"
# while the command issued is "reload".
haproxy_reload() {
	[ -x /usr/sbin/haproxy ] || return 0
	[ -f /etc/haproxy/server.pem ] || return 0

	echo " + Hook: Overwritting /etc/haproxy/server.pem and restarting haproxy..."
	atomic_concat /etc/haproxy/server.pem "$FULLCHAINCERT" "$PRIVKEY"
	/sbin/service haproxy reload
}
35 | ||
# Install the renewed certificate and key for nginx and reload the service.
#
# Globals: FULLCHAINCERT, PRIVKEY (read) - paths set by the deploy_cert hook
#
# Runs only when both /etc/nginx/server.crt and /etc/nginx/server.key already
# exist; the nginx binary itself is not checked. Certificate and key are
# replaced in two separate steps, so they are briefly out of sync on disk
# until the second step completes.
nginx_reload() {
	if [ -f /etc/nginx/server.crt ] && [ -f /etc/nginx/server.key ]; then
		echo " + Hook: Overwritting /etc/nginx/server.{crt,key} and reloading nginx..."
		atomic_concat /etc/nginx/server.crt "$FULLCHAINCERT"
		atomic_concat /etc/nginx/server.key "$PRIVKEY"
		/sbin/service nginx reload
	fi
}
46 | ||
# Install the renewed certificate and key for Apache httpd and reload it
# gracefully.
#
# Globals: FULLCHAINCERT, PRIVKEY (read) - paths set by the deploy_cert hook
#
# Runs whenever /etc/rc.d/init.d/httpd is executable. Unlike the other hooks,
# the certificate and key paths under /etc/httpd/ssl are not tested first.
httpd_reload() {
	[ -x /etc/rc.d/init.d/httpd ] || return 0

	echo " + Hook: Reloading Apache 2..."
	atomic_concat /etc/httpd/ssl/server.crt "$FULLCHAINCERT"
	atomic_concat /etc/httpd/ssl/server.key "$PRIVKEY"
	/sbin/service httpd graceful
}
57 | |
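# Dispatch on the hook name passed as $1.
# "${1:-}" keeps a call without arguments from dying on "set -u" with a bare
# "parameter not set"; it falls through to the "Unknown hook" branch instead.
case "${1:-}" in
"deploy_challenge")
	# Manual dns-01 step: $2 is used as the zone/domain name and $4 as the
	# record value. The printed line looks like tinydns-data TXT syntax
	# ('fqdn:value:ttl) - confirm against the DNS server in use.
	# printf '%s' prints the values verbatim; echo may interpret backslashes
	# and its -n flag is not portable under /bin/sh.
	echo ""
	echo "Add the following to the zone definition of ${2}:"
	printf "'_acme-challenge.%s:%s:300\n" "$2" "$4"
	echo ""
	printf '%s' "Press enter to continue..."
	# With no terminal on stdin (e.g. cron) read fails at EOF and "set -e"
	# aborts the hook, so validation never proceeds unconfirmed.
	read -r tmp
	echo ""
	;;
"clean_challenge")
	echo ""
	echo "Now you can remove the following from the zone definition of ${2}:"
	printf "'_acme-challenge.%s:%s:300\n" "$2" "$4"
	echo ""
	printf '%s' "Press enter to continue..."
	read -r tmp
	echo ""
	;;
"deploy_cert")
	# Positional arguments as received from the caller. The *_reload functions
	# read FULLCHAINCERT and PRIVKEY as globals; the remaining names are
	# assigned but not used in this file.
	DOMAIN="$2"
	PRIVKEY="$3"
	CERT="$4"
	FULLCHAINCERT="$5"
	CHAINCERT="$6"
	TIMESTAMP="$7"

	lighttpd_reload
	nginx_reload
	httpd_reload
	haproxy_reload
	;;
"unchanged_cert")
	# do nothing for now
	;;
*)
	# Diagnostics go to stderr. NOTE(review): any hook name not listed above
	# makes this script fail - confirm that is intended for the calling client.
	echo "Unknown hook \"${1:-}\"" >&2
	exit 1
	;;
esac

exit 0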