- better hook script supporting per certificate or global scripts
authorMarcin Krol <hawk@tld-linux.org>
Tue, 24 Oct 2017 22:51:11 +0000 (22:51 +0000)
committerMarcin Krol <hawk@tld-linux.org>
Tue, 24 Oct 2017 22:51:11 +0000 (22:51 +0000)
hook.sh

diff --git a/hook.sh b/hook.sh
index d5387a4249566e01db6624c3bbf1f69dace4fb91..b4e1754bab72e9ddfecf2e4a5a7cdd71e55ac50b 100755 (executable)
--- a/hook.sh
+++ b/hook.sh
@@ -1,82 +1,57 @@
 #!/bin/sh
 
-# concat file atomic way
-atomic_concat() {
-       local file=$1; shift
-       > $file.new
-       chmod 600 $file.new
-       cat "$@" > $file.new
-       cp -f $file $file.dehydrated~
-       mv -f $file.new $file
-}
+# Directory with per certificate hook scripts called after
+# certificate is successfully deployed
+HOOKS_D="/etc/dehydrated/hooks.d"
 
-lighttpd_reload() {
-       if [ ! -x /usr/sbin/lighttpd ] || [ ! -f /etc/lighttpd/server.pem ]; then
-               return
-       fi
-
-       echo " + Hook: Overwritting /etc/lighttpd/server.pem and reloading lighttpd..."
-       atomic_concat /etc/lighttpd/server.pem "$FULLCHAINCERT" "$PRIVKEY"
-       /sbin/service lighttpd reload
-}
-
-haproxy_reload() {
-       if [ ! -x /usr/sbin/haproxy ] || [ ! -f /etc/haproxy/server.pem ]; then
-               return
-       fi
-
-       echo " + Hook: Overwritting /etc/haproxy/server.pem and restarting haproxy..."
-       atomic_concat /etc/haproxy/server.pem "$FULLCHAINCERT" "$PRIVKEY"
-       /sbin/service haproxy reload
-}
-
-nginx_reload() {
-       if [ ! -f /etc/nginx/server.crt ] || [ ! -f /etc/nginx/server.key ]; then
-               return
-       fi
-
-       echo " + Hook: Overwritting /etc/nginx/server.{crt,key} and reloading nginx..."
-       atomic_concat /etc/nginx/server.crt "$FULLCHAINCERT"
-       atomic_concat /etc/nginx/server.key "$PRIVKEY"
-       /sbin/service nginx reload
-}
-
-httpd_reload() {
-       if [ ! -x /etc/rc.d/init.d/httpd ]; then
-               return
-       fi
-
-       echo " + Hook: Reloading Apache..."
-       /sbin/service httpd graceful
-}
-
-
-case "$1" in
+HANDLER="${1}"
+shift
+case "${HANDLER}" in
 deploy_cert)
-       DOMAIN="$2"
-       PRIVKEY="$3"
-       CERT="$4"
-       FULLCHAINCERT="$5"
-       CHAINCERT="$6"
-       TIMESTAMP="$7"
-
-       lighttpd_reload
-       nginx_reload
-       httpd_reload
-       haproxy_reload
-       ;;
+  local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
+  if [[ -n "${HOOKS_D}" ]]; then
+    if [[ ! -d "${HOOKS_D}" ]]; then
+      echo " + Hook: ${HANDLER}: The path ${HOOKS_D} specified for HOOKS_D does not point to a directory."
+    else
+      if [[ -f "${HOOKS_D}/${DOMAIN}" ]]; then 
+        if  [[ -r "${HOOKS_D}/${DOMAIN}" ]]; then
+          echo " + Hook: ${HANDLER}: Executing hook script for certificate ${DOMAIN}."
+          . "${HOOKS_D}/${DOMAIN}"
+        else
+          echo " + Hook: ${HANDLER}: Cannot execute hook script for certificate ${DOMAIN}."
+        fi
+      else
+        if [[ -f "${HOOKS_D}/global" ]] && [[ -r "${HOOKS_D}/global" ]]; then
+          echo " + Hook: ${HANDLER}: Executing global hook script"
+          . "${HOOKS_D}/global"
+        else
+          echo " + Hook: ${HANDLER}: Cannot execute global hook script."
+        fi
+      fi
+    fi
+  fi
+  ;;
 clean_challenge)
-       CHALLENGE_TOKEN="$2"
-       KEYAUTH="$3"
-       echo " + Hook: $1: Nothing to do..."
-       ;;
+  local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
+  echo " + Hook: ${HANDLER}: Nothing to do..."
+  ;;
 deploy_challenge)
-       echo " + Hook: $1: Nothing to do..."
-       ;;
+  local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
+  echo " + Hook: ${HANDLER}: Nothing to do..."
+  ;;
+invalid_challenge)
+  local DOMAIN="${1}" RESPONSE="${2}"
+  echo " + Hook: ${HANDLER}: Nothing to do..."
+  ;;
+request_failure)
+  local STATUSCODE="${1}" REASON="${2}" REQTYPE="${3}"
+  echo " + Hook: ${HANDLER}: Nothing to do..."
+  ;;
 unchanged_cert)
-       echo " + Hook: $1: Nothing to do..."
-       ;;
+  local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
+  echo " + Hook: ${HANDLER}: Nothing to do..."
+  ;;
 *)
-       echo " + Hook: $1: Nothing to do..."
-       ;;
+  echo " + Hook: ${HANDLER}: Nothing to do..."
+  ;;
 esac
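Review bot: The `local` keyword on the new assignment at L87 (and likewise at L115, L121, L125, L129 and L135) sits directly in a top-level `case` arm rather than inside a function, so under bash it fails with "local: can only be used in a function" and leaves the variables unset, while under the `#!/bin/sh` shebang kept at the top of the file a strict POSIX sh has neither `local` outside a function nor the `[[ ... ]]` tests that follow. In the deploy_cert arm that means `${DOMAIN}` expands empty, `${HOOKS_D}/${DOMAIN}` names the directory itself, the `-f` test fails and the per-certificate hook is silently skipped in favour of the global one. Dropping the keyword in each arm, e.g. `DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"`, fixes the assignment; then either change the shebang to `#!/bin/bash` or rewrite the `[[ ... ]]` tests as `[ ... ]` so the file matches its interpreter. Since the per-certificate and global hook files are sourced with `.` and run with whatever privileges this script has, it would also be worth checking that the file is owned by the invoking user and not group/world-writable before sourcing it, rather than only `-r`.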