#!/bin/sh
# dehydrated hook: manual dns-01 challenge prompts, plus deployment of the
# issued certificate and private key to locally installed web servers.
# Derived from https://github.com/lukas2511/dehydrated/wiki/example-dns-01-nsupdate-script
#
# Called as: <this script> <hook-name> <hook arguments...>; the hook names
# handled are the arms of the case statement at the end of the file.

# Stop at the first failing command and treat unset variables as errors.
set -o errexit -o nounset
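# Replace FILE with the concatenation of the given input files.
# The new content is staged in FILE.new (same directory as FILE, so the
# final mv is a rename) and the previous FILE is kept as FILE.dehydrated~.
# Arguments: $1 - target file; $2... - input files, concatenated in order
# Returns:   0 on success; non-zero if any step fails, in which case
#            FILE.new is removed and FILE is left as it was.
# Security:  the staged file may hold a private key, so it is created under
#            umask 077 and never exists with wider permissions; the
#            installed FILE therefore ends up mode 600. FILE.dehydrated~
#            holds the previous key material when FILE is a key or a
#            combined PEM and needs the same protection as FILE.
atomic_concat() {
        # Quoted: an unquoted $1 can be word-split by shells that treat
        # local as an ordinary builtin.
        local file="$1"; shift
        local tmp="$file.new"

        # Create (or truncate) the staging file with no group/other access
        # before any key material is written to it.
        (umask 077 && : > "$tmp") || return 1
        # A pre-existing FILE.new keeps its old mode on truncation; force it.
        chmod 600 "$tmp" || { rm -f -- "$tmp"; return 1; }

        # Never install a partially written file.
        if ! cat -- "$@" > "$tmp"; then
                rm -f -- "$tmp"
                return 1
        fi

        # Back up the current file only if there is one; a missing target
        # is a first-time install, not an error.
        if [ -e "$file" ]; then
                cp -f -- "$file" "$file.dehydrated~" || { rm -f -- "$tmp"; return 1; }
        fi

        mv -f -- "$tmp" "$file" || { rm -f -- "$tmp"; return 1; }
}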
# Install the renewed certificate for lighttpd and reload the service.
# Acts only when /usr/sbin/lighttpd is executable and
# /etc/lighttpd/server.pem already exists; otherwise returns 0 silently.
# Globals: FULLCHAINCERT, PRIVKEY (read) - file paths set by deploy_cert
# server.pem receives the full chain followed by the private key, so the
# file is as sensitive as the key itself.
lighttpd_reload() {
        local pem=/etc/lighttpd/server.pem

        if [ -x /usr/sbin/lighttpd ] && [ -f "$pem" ]; then
                echo " + Hook: Overwritting /etc/lighttpd/server.pem and reloading lighttpd..."
                atomic_concat "$pem" "$FULLCHAINCERT" "$PRIVKEY"
                /sbin/service lighttpd reload
        fi
}
# Install the renewed certificate for haproxy and reload the service.
# Acts only when /usr/sbin/haproxy is executable and
# /etc/haproxy/server.pem already exists; otherwise returns 0 silently.
# Globals: FULLCHAINCERT, PRIVKEY (read) - file paths set by deploy_cert
# server.pem receives the full chain followed by the private key, so the
# file is as sensitive as the key itself.
# NOTE(review): the progress message says "restarting" while the command
# issued is "reload".
haproxy_reload() {
        local pem=/etc/haproxy/server.pem

        if [ -x /usr/sbin/haproxy ] && [ -f "$pem" ]; then
                echo " + Hook: Overwritting /etc/haproxy/server.pem and restarting haproxy..."
                atomic_concat "$pem" "$FULLCHAINCERT" "$PRIVKEY"
                /sbin/service haproxy reload
        fi
}
# Install the renewed certificate and key for nginx and reload the service.
# Acts only when both /etc/nginx/server.crt and /etc/nginx/server.key
# already exist; otherwise returns 0 silently. No check is made that nginx
# itself is installed.
# Globals: FULLCHAINCERT, PRIVKEY (read) - file paths set by deploy_cert
nginx_reload() {
        local crt=/etc/nginx/server.crt
        local key=/etc/nginx/server.key

        if [ -f "$crt" ] && [ -f "$key" ]; then
                echo " + Hook: Overwritting /etc/nginx/server.{crt,key} and reloading nginx..."
                # Certificate chain and private key go to separate files.
                atomic_concat "$crt" "$FULLCHAINCERT"
                atomic_concat "$key" "$PRIVKEY"
                /sbin/service nginx reload
        fi
}
# Install the renewed certificate and key for Apache and reload it
# gracefully. Acts only when /etc/rc.d/init.d/httpd is executable;
# otherwise returns 0 silently.
# Globals: FULLCHAINCERT, PRIVKEY (read) - file paths set by deploy_cert
# NOTE(review): unlike the lighttpd/haproxy/nginx helpers, this one does not
# check that the target files under /etc/httpd/ssl already exist before
# writing them - confirm that is intended.
httpd_reload() {
        local ssl_dir=/etc/httpd/ssl

        if [ -x /etc/rc.d/init.d/httpd ]; then
                echo " + Hook: Reloading Apache 2..."
                # Certificate chain and private key go to separate files.
                atomic_concat "$ssl_dir/server.crt" "$FULLCHAINCERT"
                atomic_concat "$ssl_dir/server.key" "$PRIVKEY"
                /sbin/service httpd graceful
        fi
}
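# Print one manual DNS instruction and wait for the operator to press Enter.
# Arguments: $1 - lead-in sentence; $2 - domain; $3 - TXT record value
# Outputs:   the instruction and a prompt on stdout
# The record line has the form '_acme-challenge.<domain>:<value>:300
# (NOTE(review): looks like tinydns-data TXT syntax with a 300 s TTL - confirm).
# read returns non-zero at end of input, so with "set -e" active a run
# without an interactive stdin (e.g. from cron) aborts here instead of
# continuing before the record has been published.
_manual_dns_step() {
        # printf instead of echo: "echo -n" is not portable under /bin/sh and
        # echo may interpret backslashes in its arguments.
        printf '\n%s\n' "$1"
        printf "'_acme-challenge.%s:%s:300\n\n" "$2" "$3"
        printf 'Press enter to continue...'
        # -r keeps backslashes literal; the reply itself is discarded.
        read -r _reply
        printf '\n'
}

# Dispatch on the hook name passed as $1.
case "$1" in
        "deploy_challenge")
                # $2 = domain, $4 = TXT record value to publish
                _manual_dns_step "Add the following to the zone definition of ${2}:" "$2" "$4"
        ;;
        "clean_challenge")
                # Same arguments; the record can be removed again.
                _manual_dns_step "Now you can remove the following from the zone definition of ${2}:" "$2" "$4"
        ;;
        "deploy_cert")
                # All seven arguments are read, so with "set -u" a call with
                # fewer arguments aborts before anything is overwritten.
                # Only PRIVKEY and FULLCHAINCERT are used by the reload
                # helpers in this file; both are file paths.
                DOMAIN="$2"
                PRIVKEY="$3"
                CERT="$4"
                FULLCHAINCERT="$5"
                CHAINCERT="$6"
                TIMESTAMP="$7"

                # Each helper is a no-op when its server is not set up here.
                lighttpd_reload
                nginx_reload
                httpd_reload
                haproxy_reload
        ;;
        "unchanged_cert")
                # do nothing for now
        ;;
        *)
                # NOTE(review): any hook name not listed above makes the run
                # fail; check the list against the hook names the packaged
                # dehydrated version actually invokes.
                printf 'Unknown hook "%s"\n' "$1" >&2
                exit 1
        ;;
esac

exit 0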