+Summary: letsencrypt/acme client implemented as a shell-script
+Name: dehydrated
+Version: 0.4.0
+Release: 2
+License: MIT
+Group: Applications/Networking
+Source0: https://github.com/lukas2511/dehydrated/archive/v%{version}/%{name}-%{version}.tar.gz
+# Source0-md5: 8114ba0144a158d5ad1bdf02e6f43195
+Source1: apache.conf
+Source2: lighttpd.conf
+Source3: nginx.conf
+Source4: domains.txt
+Source5: hook.sh
+Source6: crontab
+Patch0: tld.patch
+URL: https://github.com/lukas2511/dehydrated
+BuildRequires: rpmbuild(macros) >= 1.713
+Requires: ca-certificates
+Requires: crondaemon
+Requires: curl
+Requires: diffutils
+Requires: grep
+Requires: mktemp
+Requires: openssl-tools
+Requires: sed
+Requires: webapps
+Suggests: webserver(access)
+Suggests: webserver(alias)
+BuildArch: noarch
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%define _webapps /etc/webapps
+%define _webapp %{name}
+%define _sysconfdir %{_webapps}/%{_webapp}
+%define _appdir %{_datadir}/%{_webapp}
+
+%description
+This is a client for signing certificates with an ACME-server
+(currently only provided by letsencrypt) implemented as a relatively
+simple bash-script.
+
+Current features:
+- Signing of a list of domains
+- Signing of a CSR
+- Renewal if a certificate is about to expire or SAN (subdomains)
+ changed
+- Certificate revocation
+
+%prep
+%setup -q
+%patch0 -p1
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -d $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/certs,/etc/cron.d} \
+ $RPM_BUILD_ROOT/var/lib/%{name}/{accounts,acme-challenges,certs}
+
+install -p %{name} $RPM_BUILD_ROOT%{_sbindir}
+cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/apache.conf
+cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/lighttpd.conf
+cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/nginx.conf
+cp -p docs/examples/config $RPM_BUILD_ROOT%{_sysconfdir}
+cp -p %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}
+cp -p %{SOURCE6} $RPM_BUILD_ROOT/etc/cron.d/%{name}
+install -p %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}
+cp -p $RPM_BUILD_ROOT%{_sysconfdir}/{apache,httpd}.conf
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%triggerin -- apache1 < 1.3.37-3, apache1-base
+%webapp_register apache %{_webapp}
+
+%triggerun -- apache1 < 1.3.37-3, apache1-base
+%webapp_unregister apache %{_webapp}
+
+%triggerin -- apache < 2.2.0, apache-base
+%webapp_register httpd %{_webapp}
+
+%triggerun -- apache < 2.2.0, apache-base
+%webapp_unregister httpd %{_webapp}
+
+%triggerin -- lighttpd
+%webapp_register lighttpd %{_webapp}
+
+%triggerun -- lighttpd
+%webapp_unregister lighttpd %{_webapp}
+
+%triggerin -- nginx
+%webapp_register nginx %{_webapp}
+
+%triggerun -- nginx
+%webapp_unregister nginx %{_webapp}
+
+%files
+%defattr(644,root,root,755)
+%doc README.md CHANGELOG LICENSE
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/cron.d/%{name}
+%dir %attr(750,root,http) %{_sysconfdir}
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/apache.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/httpd.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/lighttpd.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nginx.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/config
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/domains.txt
+%attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook.sh
+%attr(755,root,root) %{_sbindir}/%{name}
+%dir %attr(751,root,root) /var/lib/%{name}
+%dir %attr(700,root,root) /var/lib/%{name}/accounts
+%dir %attr(700,root,root) /var/lib/%{name}/certs
+# challenges written here, need to be readable by webserver
+%dir %attr(751,root,root) /var/lib/%{name}/acme-challenges