From f4caa52750f778b05ede0cbb0e58e3f115ee1ff1 Mon Sep 17 00:00:00 2001
From: Joachim Desroches
Date: Tue, 16 Mar 2021 13:03:25 +0100
Subject: [PATCH] Cleanup renew.sh.sh so the output is more elegant.
---
 type/__uacme_obtain/files/renew.sh.sh | 56 +++++++++++++++++----------
 1 file changed, 36 insertions(+), 20 deletions(-)
diff --git a/type/__uacme_obtain/files/renew.sh.sh b/type/__uacme_obtain/files/renew.sh.sh
index e3e041c..18bf061 100755
--- a/type/__uacme_obtain/files/renew.sh.sh
+++ b/type/__uacme_obtain/files/renew.sh.sh
@@ -3,34 +3,50 @@ cat << EOF
 #!/bin/sh
-CERT_SOURCE=$CONFDIR/$MAIN_DOMAIN/cert.pem
-KEY_SOURCE=$CONFDIR/private/$MAIN_DOMAIN/key.pem
-
-export UACME_CHALLENGE_PATH=$CHALLENGEDIR
+UACME_CHALLENGE_PATH=${CHALLENGEDIR:?}
+export UACME_CHALLENGE_PATH
 # Issue certificate.
-uacme issue -c $CONFDIR -h $HOOKSCRIPT $DISABLE_OCSP $MUST_STABLE $KEYTYPE \
-$DOMAIN
-if [ $? -eq 2 ]; then
- # Note: exit code 0 means that certificate was issued.
- # Note: exit code 1 means that certificate was still valid, hence not renewed.
- # Note: exit code 2 means that something went wrong.
+uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${MUST_STAPLE?} ${KEYTYPE?} \\
+ issue -- ${DOMAIN:?}
+
+# Note: exit code 0 means that certificate was issued.
+# Note: exit code 1 means that certificate was still valid, hence not renewed.
+# Note: exit code 2 means that something went wrong.
+status=\$?
+
+# All is well: we can stop now.
+if [ \$status -eq 1 ];
+then
+ exit 0
+fi
+
+# An error occured.
+if [ \$status -eq 2 ]; then
 echo "Failed to renew certificate - exiting." >&2
 exit 1
 fi
+EOF
 # Re-deploy, if needed.
-if [ -n "$KEY_TARGET" ] && [ -n "$CERT_TARGET" ]; then
- set -e
+if [ -n "${KEY_TARGET?}" ] && [ -n "${CERT_TARGET?}" ];
+then
+cat << EOF
- mkdir -p $(dirname "$CERT_TARGET") $(dirname "$KEY_TARGET")
-
- if ! cmp \$CERT_SOURCE $CERT_TARGET >/dev/null 2>&1; then
- install -m 0640 \$KEY_SOURCE $KEY_TARGET
- install -m 0644 \$CERT_SOURCE $CERT_TARGET
- chown $OWNER $KEY_TARGET $CERT_TARGET
+# Deploy newly issued certificate.
+set -e
- $RENEW_HOOK
- fi
+CERT_SOURCE=${CONFDIR:?}/${MAIN_DOMAIN:?}/cert.pem
+KEY_SOURCE=${CONFDIR:?}/private/${MAIN_DOMAIN:?}/key.pem
+
+mkdir -p -- $(dirname "${CERT_TARGET?}") $(dirname "${KEY_TARGET?}")
+
+if ! cmp \${CERT_SOURCE:?} ${CERT_TARGET?} >/dev/null 2>&1; then
+ install -m 0640 \${KEY_SOURCE:?} ${KEY_TARGET?}
+ install -m 0644 \${CERT_SOURCE:?} ${CERT_TARGET?}
+ chown ${OWNER?} ${KEY_TARGET?} ${CERT_TARGET?}
+
+ ${RENEW_HOOK?}
 fi
 EOF
+fi
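Review bot: Only a status of exactly 2 is reported as a failure in the generated script, so any other non-zero status (127 when uacme is not on PATH, 126, or 128+N after a signal) falls through to the deploy section, where `cmp`/`install` and `${RENEW_HOOK?}` can still run and the script may exit 0 with no message. Status 1 has already exited at that point, so the test can simply be `if [ \$status -ne 0 ]; then`. Also note that the new `exit 0` on status 1 stops the `cmp` block from running on ordinary passes: a deploy that aborted half-way under `set -e` (key installed, certificate not) or a target that was later changed is no longer repaired until the next issuance. If that repair was intended, let status 1 continue into the deploy section instead of exiting.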