52 lines
1.2 KiB
Bash
Executable file
52 lines
1.2 KiB
Bash
Executable file
#!/bin/sh
|
|
|
|
cat << EOF
|
|
#!/bin/sh
|
|
|
|
UACME_CHALLENGE_PATH=${CHALLENGEDIR:?}
|
|
export UACME_CHALLENGE_PATH
|
|
|
|
# Issue certificate.
|
|
uacme -c ${CONFDIR:?} -h ${HOOKSCRIPT:?} ${DISABLE_OCSP?} ${ACME_URL?} \\
|
|
${EAB_CREDENTIALS?} ${MUST_STAPLE?} ${KEYTYPE?} issue -- ${DOMAIN:?}
|
|
|
|
# Note: exit code 0 means that certificate was issued.
|
|
# Note: exit code 1 means that certificate was still valid, hence not renewed.
|
|
# Note: exit code 2 means that something went wrong.
|
|
status=\$?
|
|
|
|
# All is well: we can stop now.
|
|
if [ \$status -eq 1 ];
|
|
then
|
|
exit 0
|
|
fi
|
|
|
|
# An error occured.
|
|
if [ \$status -eq 2 ]; then
|
|
echo "Failed to renew certificate - exiting." >&2
|
|
exit 1
|
|
fi
|
|
EOF
|
|
|
|
# Re-deploy, if needed.
|
|
if [ -n "${KEY_TARGET?}" ] && [ -n "${CERT_TARGET?}" ];
|
|
then
|
|
cat << EOF
|
|
|
|
# Deploy newly issued certificate.
|
|
set -e
|
|
|
|
CERT_SOURCE=${CONFDIR:?}/${MAIN_DOMAIN:?}/cert.pem
|
|
KEY_SOURCE=${CONFDIR:?}/private/${MAIN_DOMAIN:?}/key.pem
|
|
|
|
mkdir -p -- $(dirname "${CERT_TARGET?}") $(dirname "${KEY_TARGET?}")
|
|
|
|
if ! cmp \${CERT_SOURCE:?} ${CERT_TARGET?} >/dev/null 2>&1; then
|
|
install -m 0640 \${KEY_SOURCE:?} ${KEY_TARGET?}
|
|
install -m 0644 \${CERT_SOURCE:?} ${CERT_TARGET?}
|
|
chown ${OWNER?} ${KEY_TARGET?} ${CERT_TARGET?}
|
|
|
|
${RENEW_HOOK?}
|
|
fi
|
|
EOF
|
|
fi
|