hook.sh

   1 #!/bin/sh
   2
   3 # concat file atomic way
   4 atomic_concat() {
   5         local file=$1; shift
   6         > $file.new
   7         chmod 600 $file.new
   8         cat "$@" > $file.new
   9         cp -f $file $file.dehydrated~
  10         mv -f $file.new $file
  11 }
  12
  13 lighttpd_reload() {
  14         if [ ! -x /usr/sbin/lighttpd ] || [ ! -f /etc/lighttpd/server.pem ]; then
  15                 return
  16         fi
  17
  18         echo " + Hook: Overwritting /etc/lighttpd/server.pem and reloading lighttpd..."
  19         atomic_concat /etc/lighttpd/server.pem "$FULLCHAINCERT" "$PRIVKEY"
  20         /sbin/service lighttpd reload
  21 }
  22
  23 haproxy_reload() {
  24         if [ ! -x /usr/sbin/haproxy ] || [ ! -f /etc/haproxy/server.pem ]; then
  25                 return
  26         fi
  27
  28         echo " + Hook: Overwritting /etc/haproxy/server.pem and restarting haproxy..."
  29         atomic_concat /etc/haproxy/server.pem "$FULLCHAINCERT" "$PRIVKEY"
  30         /sbin/service haproxy reload
  31 }
  32
  33 nginx_reload() {
  34         if [ ! -f /etc/nginx/server.crt ] || [ ! -f /etc/nginx/server.key ]; then
  35                 return
  36         fi
  37
  38         echo " + Hook: Overwritting /etc/nginx/server.{crt,key} and reloading nginx..."
  39         atomic_concat /etc/nginx/server.crt "$FULLCHAINCERT"
  40         atomic_concat /etc/nginx/server.key "$PRIVKEY"
  41         /sbin/service nginx reload
  42 }
  43
  44 httpd_reload() {
  45         if [ ! -x /etc/rc.d/init.d/httpd ]; then
  46                 return
  47         fi
  48
  49         echo " + Hook: Reloading Apache 2..."
  50         atomic_concat /etc/httpd/ssl/server.crt "$FULLCHAINCERT"
  51         atomic_concat /etc/httpd/ssl/server.key "$PRIVKEY"
  52         /sbin/service httpd graceful
  53 }
  54
  55 case "$1" in
  56 deploy_cert)
  57         DOMAIN="$2"
  58         PRIVKEY="$3"
  59         CERT="$4"
  60         FULLCHAINCERT="$5"
  61         CHAINCERT="$6"
  62         TIMESTAMP="$7"
  63
  64         lighttpd_reload
  65         nginx_reload
  66         httpd_reload
  67         haproxy_reload
  68         ;;
  69 clean_challenge)
  70         CHALLENGE_TOKEN="$2"
  71         KEYAUTH="$3"
  72         echo " + Hook: $1: Nothing to do..."
  73         ;;
  74 deploy_challenge)
  75         echo " + Hook: $1: Nothing to do..."
  76         ;;
  77 unchanged_cert)
  78         echo " + Hook: $1: Nothing to do..."
  79         ;;
  80 *)
  81         echo " + Hook: $1: Nothing to do..."
  82         ;;
  83 esac