Summary: letsencrypt/acme client implemented as a shell-script
Name: dehydrated
Version: 0.6.1
-Release: 1
+Release: 2
License: MIT
Group: Applications/Networking
Source0: https://github.com/lukas2511/dehydrated/archive/v%{version}/%{name}-%{version}.tar.gz
Source3: nginx.conf
Source4: domains.txt
Source5: hook.sh
-Source6: crontab
+Source6: hook-dns-01.sh
+Source7: crontab
Patch0: pld.patch
URL: https://github.com/lukas2511/dehydrated
BuildRequires: rpmbuild(macros) >= 1.713
cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/nginx.conf
cp -p docs/examples/config $RPM_BUILD_ROOT%{_sysconfdir}
cp -p %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}
-cp -p %{SOURCE6} $RPM_BUILD_ROOT/etc/cron.d/%{name}
+cp -p %{SOURCE7} $RPM_BUILD_ROOT/etc/cron.d/%{name}
install -p %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}
+install -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
cp -p $RPM_BUILD_ROOT%{_sysconfdir}/{apache,httpd}.conf
%clean
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/config
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/domains.txt
%attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook.sh
+%attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook-dns-01.sh
%attr(755,root,root) %{_sbindir}/%{name}
%dir %attr(751,root,root) /var/lib/%{name}
%dir %attr(700,root,root) /var/lib/%{name}/accounts
--- /dev/null
+#!/bin/bash
+
+# based on https://github.com/lukas2511/dehydrated/wiki/example-dns-01-nsupdate-script
+
+set -e
+set -u
+set -o pipefail
+
+case "$1" in
+ "deploy_challenge")
+ echo ""
+ echo "Add the following to the zone definition of ${2}:"
+ echo "'_acme-challenge.${2}:${4}:300"
+ echo ""
+ echo -n "Press enter to continue..."
+ read tmp
+ echo ""
+ ;;
+ "clean_challenge")
+ echo ""
+ echo "Now you can remove the following from the zone definition of ${2}:"
+ echo "'_acme-challenge.${2}:${4}:300"
+ echo ""
+ echo -n "Press enter to continue..."
+ read tmp
+ echo ""
+ ;;
+ "deploy_cert")
+ DOMAIN="$2"
+ PRIVKEY="$3"
+ CERT="$4"
+ FULLCHAINCERT="$5"
+ CHAINCERT="$6"
+ TIMESTAMP="$7"
+ if [ -x /etc/rc.d/init.d/apache ]; then
+ echo " + Hook: Overwritting /etc/httpd/ssl/server.{crt,key}, /etc/httpd/ssl/ca.crt and reloading Apache..."
+ cp -a /etc/apache/server.crt /etc/apache/server.crt.letsencrypt~
+ cp -a /etc/apache/server.key /etc/apache/server.key.letsencrypt~
+ cp -a /etc/apache/ca.crt /etc/apache/ca.crt.letsencrypt~
+ cat "$CERT" > /etc/apache/server.crt
+ cat "$PRIVKEY" > /etc/apache/server.key
+ cat "$CHAINCERT" > /etc/apache/ca.crt
+ /sbin/service apache restart
+ fi
+ ;;
+ "unchanged_cert")
+ # do nothing for now
+ ;;
+ *)
+ echo "Unknown hook \"${1}\""
+ exit 1
+ ;;
+esac
+
+exit 0
+
projects / packages / dehydrated.git / commitdiff