Cleanup renew.sh.sh so the output is more elegant.

This commit is contained in:
sparrowhawk 2021-03-16 13:03:25 +01:00
parent 5d9bebbdb5
commit f4caa52750
No known key found for this signature in database
GPG key ID: 6778C9C29C02D691

View file

@ -3,34 +3,50 @@
cat << EOF cat << EOF
#!/bin/sh #!/bin/sh
CERT_SOURCE=$CONFDIR/$MAIN_DOMAIN/cert.pem UACME_CHALLENGE_PATH=${CHALLENGEDIR:?}
KEY_SOURCE=$CONFDIR/private/$MAIN_DOMAIN/key.pem export UACME_CHALLENGE_PATH
export UACME_CHALLENGE_PATH=$CHALLENGEDIR
# Issue certificate. # Issue certificate.
uacme issue -c $CONFDIR -h $HOOKSCRIPT $DISABLE_OCSP $MUST_STABLE $KEYTYPE \ uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${MUST_STAPLE?} ${KEYTYPE?} \\
$DOMAIN issue -- ${DOMAIN:?}
if [ $? -eq 2 ]; then
# Note: exit code 0 means that certificate was issued. # Note: exit code 0 means that certificate was issued.
# Note: exit code 1 means that certificate was still valid, hence not renewed. # Note: exit code 1 means that certificate was still valid, hence not renewed.
# Note: exit code 2 means that something went wrong. # Note: exit code 2 means that something went wrong.
status=\$?
# All is well: we can stop now.
if [ \$status -eq 1 ];
then
exit 0
fi
# An error occured.
if [ \$status -eq 2 ]; then
echo "Failed to renew certificate - exiting." >&2 echo "Failed to renew certificate - exiting." >&2
exit 1 exit 1
fi fi
EOF
# Re-deploy, if needed. # Re-deploy, if needed.
if [ -n "$KEY_TARGET" ] && [ -n "$CERT_TARGET" ]; then if [ -n "${KEY_TARGET?}" ] && [ -n "${CERT_TARGET?}" ];
set -e then
cat << EOF
mkdir -p $(dirname "$CERT_TARGET") $(dirname "$KEY_TARGET") # Deploy newly issued certificate.
set -e
if ! cmp \$CERT_SOURCE $CERT_TARGET >/dev/null 2>&1; then CERT_SOURCE=${CONFDIR:?}/${MAIN_DOMAIN:?}/cert.pem
install -m 0640 \$KEY_SOURCE $KEY_TARGET KEY_SOURCE=${CONFDIR:?}/private/${MAIN_DOMAIN:?}/key.pem
install -m 0644 \$CERT_SOURCE $CERT_TARGET
chown $OWNER $KEY_TARGET $CERT_TARGET
$RENEW_HOOK mkdir -p -- $(dirname "${CERT_TARGET?}") $(dirname "${KEY_TARGET?}")
fi
if ! cmp \${CERT_SOURCE:?} ${CERT_TARGET?} >/dev/null 2>&1; then
install -m 0640 \${KEY_SOURCE:?} ${KEY_TARGET?}
install -m 0644 \${CERT_SOURCE:?} ${CERT_TARGET?}
chown ${OWNER?} ${KEY_TARGET?} ${CERT_TARGET?}
${RENEW_HOOK?}
fi fi
EOF EOF
fi