#!/bin/sh
# Hook script for dehydrated. For dns-01 challenges it prints the record the
# operator has to add to (or remove from) the zone by hand and waits for
# Enter; on deploy_cert it installs the new certificate and key for the local
# web servers and reloads them.
# based on https://github.com/lukas2511/dehydrated/wiki/example-dns-01-nsupdate-script

# Stop at the first failing command and on any unset variable, so a failed
# copy of key material is never followed by a service reload.
set -o errexit -o nounset
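# Replace FILE with the concatenation of the given input files.
# Arguments: $1 - target file (must already exist), $2... - files to join
# Outputs:   FILE is replaced, the previous contents are kept as
#            FILE.dehydrated~, FILE.new is used as the staging file.
# Returns:   non-zero if any step fails; the target is only replaced by the
#            final rename.
atomic_concat() {
        local file=$1; shift
        # Create the staging file empty and make it owner-only before any
        # data (possibly a private key) is written into it.
        : > "$file.new"
        chmod 600 "$file.new"
        cat -- "$@" > "$file.new"
        # Keep the old contents; note the backup may itself contain a key.
        cp -f -- "$file" "$file.dehydrated~"
        # Rename within the same directory so readers see either the old or
        # the new file, never a partial one.
        mv -f -- "$file.new" "$file"
}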
# Install the renewed certificate for lighttpd and reload the service.
# Does nothing unless /usr/sbin/lighttpd is executable and
# /etc/lighttpd/server.pem already exists.
# Globals: FULLCHAINCERT, PRIVKEY (read)
lighttpd_reload() {
        [ -x /usr/sbin/lighttpd ] || return 0
        [ -f /etc/lighttpd/server.pem ] || return 0

        # server.pem is the full chain followed by the private key, so the
        # resulting file is as sensitive as the key itself.
        printf '%s\n' " + Hook: Overwritting /etc/lighttpd/server.pem and reloading lighttpd..."
        atomic_concat /etc/lighttpd/server.pem "$FULLCHAINCERT" "$PRIVKEY"
        /sbin/service lighttpd reload
}
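# Install the renewed certificate for haproxy and reload the service.
# Does nothing unless /usr/sbin/haproxy is executable and
# /etc/haproxy/server.pem already exists.
# Globals: FULLCHAINCERT, PRIVKEY (read)
haproxy_reload() {
        if [ ! -x /usr/sbin/haproxy ] || [ ! -f /etc/haproxy/server.pem ]; then
                return
        fi

        # The message names the action that is actually run below (reload,
        # not restart), so the hook output matches what happened to the
        # service.
        echo " + Hook: Overwritting /etc/haproxy/server.pem and reloading haproxy..."
        # server.pem is the full chain followed by the private key.
        atomic_concat /etc/haproxy/server.pem "$FULLCHAINCERT" "$PRIVKEY"
        /sbin/service haproxy reload
}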
# Install the renewed certificate and key for nginx and reload the service.
# Does nothing unless both /etc/nginx/server.crt and /etc/nginx/server.key
# already exist.
# Globals: FULLCHAINCERT, PRIVKEY (read)
nginx_reload() {
        local target
        for target in /etc/nginx/server.crt /etc/nginx/server.key; do
                [ -f "$target" ] || return 0
        done

        echo " + Hook: Overwritting /etc/nginx/server.{crt,key} and reloading nginx..."
        # Certificate and key are replaced in two separate steps. If the
        # second one fails, set -e aborts the script with the new
        # certificate next to the old key and nginx is not reloaded.
        atomic_concat /etc/nginx/server.crt "$FULLCHAINCERT"
        atomic_concat /etc/nginx/server.key "$PRIVKEY"
        /sbin/service nginx reload
}
# Ask Apache to reload gracefully when its init script is installed.
# No certificate files are copied here.
# NOTE(review): presumably httpd is configured to read the certificate
# from dehydrated's own paths - confirm.
httpd_reload() {
        if [ -x /etc/rc.d/init.d/httpd ]; then
                echo " + Hook: Reloading Apache..."
                /sbin/service httpd graceful
        fi
}
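# Show the operator a record line for the zone and block until Enter.
# Arguments: $1 - lead-in text, $2 - domain, $3 - TXT record value
# The record is printed as '_acme-challenge.DOMAIN:VALUE:300.
# read fails at end-of-file (stdin is not a terminal), and with set -e that
# makes the hook exit non-zero instead of continuing unattended.
prompt_zone_change() {
        local reply
        echo ""
        printf '%s\n' "${1} ${2}:"
        # printf '%s' keeps the value literal whatever characters it holds.
        printf '%s\n' "'_acme-challenge.${2}:${3}:300"
        echo ""
        # printf instead of "echo -n", which is not portable under /bin/sh.
        printf '%s' "Press enter to continue..."
        read -r reply
        echo ""
}

# Dispatch on the hook name passed as the first argument.
# "${1:-}" lets a call without arguments reach the error branch instead of
# tripping set -u.
case "${1:-}" in
        "deploy_challenge")
                # $2 - domain, $4 - TXT record value
                prompt_zone_change "Add the following to the zone definition of" "$2" "$4"
        ;;
        "clean_challenge")
                prompt_zone_change "Now you can remove the following from the zone definition of" "$2" "$4"
        ;;
        "deploy_cert")
                # All seven arguments are read; with set -u a missing one
                # aborts here, before any file is touched. Only PRIVKEY and
                # FULLCHAINCERT are used by the reload functions.
                DOMAIN="$2"
                PRIVKEY="$3"
                CERT="$4"
                FULLCHAINCERT="$5"
                CHAINCERT="$6"
                TIMESTAMP="$7"

                lighttpd_reload
                nginx_reload
                httpd_reload
                haproxy_reload
        ;;
        "unchanged_cert")
                # do nothing for now
        ;;
        *)
                # NOTE(review): any hook name not listed above fails the run;
                # confirm the packaged dehydrated only calls these four.
                printf '%s\n' "Unknown hook \"${1:-}\"" >&2
                exit 1
        ;;
esac

exit 0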