certbot: improve hooks

Jérémy Lecour 2019-09-27 10:15:33 +02:00 committed by Jérémy Lecour
parent 3521d4a765
commit 44b2480e03
6 changed files with 19 additions and 8 deletions


@ -1,5 +1,6 @@
#!/bin/sh
readonly PROGNAME=$(basename "$0")
readonly VERBOSE=${VERBOSE:-"0"}
readonly QUIET=${QUIET:-"0"}
@ -16,8 +17,8 @@ debug() {
apache2ctl_bin=$(command -v apache2ctl)
if [ -n "$(pidof apache2)" ] && [ -n "${apache2ctl_bin}" ]; then
if grep -r -E "letsencrypt" /etc/apache2/; then
if ${apache2ctl_bin} configtest > /dev/null; then
if grep -q -r -E "letsencrypt" /etc/apache2/; then
if ${apache2ctl_bin} configtest > /dev/null 2>&1; then
debug "Apache detected... reloading"
systemctl reload apache2
else
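Review bot: Adding `2>&1` to the `configtest` line throws away the only explanation of why validation failed, so when the `else` branch runs after a renewal the operator learns that the reload was skipped but not the reason, and the service keeps presenting the previous certificate until someone investigates. Capturing the output keeps the hook quiet on success while preserving the diagnostic, e.g. `if out=$(${apache2ctl_bin} configtest 2>&1); then`, with `${out}` passed to the message in the `else` branch, which lies outside this hunk. The same applies to the `doveconf`, `haproxy -c`, `nginx -t` and `postconf` checks changed in the other files of this commit.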


@ -1,5 +1,6 @@
#!/bin/sh
readonly PROGNAME=$(basename "$0")
readonly VERBOSE=${VERBOSE:-"0"}
readonly QUIET=${QUIET:-"0"}


@ -1,5 +1,6 @@
#!/bin/sh
readonly PROGNAME=$(basename "$0")
readonly VERBOSE=${VERBOSE:-"0"}
readonly QUIET=${QUIET:-"0"}
@ -17,7 +18,7 @@ doveconf_bin=$(command -v doveconf)
if [ -n "$(pidof dovecot)" ] && [ -n "${doveconf_bin}" ]; then
if ${doveconf_bin} | grep -E "^ssl_cert[^_]" | grep -q "letsencrypt"; then
if ${doveconf_bin} > /dev/null; then
if ${doveconf_bin} > /dev/null 2>&1; then
debug "Dovecot detected... reloading"
systemctl reload dovecot
else


@ -1,5 +1,6 @@
#!/bin/sh
readonly PROGNAME=$(basename "$0")
readonly VERBOSE=${VERBOSE:-"0"}
readonly QUIET=${QUIET:-"0"}
@ -18,12 +19,17 @@ if [ -z "${RENEWED_LINEAGE}" ]; then
fi
haproxy_bin=$(command -v haproxy)
haproxy_cert_dir="/etc/ssl/haproxy/"
if [ -n "$(pidof haproxy)" ] && [ -n "${haproxy_bin}" ]; then
if [ -f "${RENEWED_LINEAGE}/fullchain.pem" ] && [ -f "${RENEWED_LINEAGE}/privkey.pem" ]; then
haproxy_cert_file="/etc/ssl/haproxy/$(basename "${RENEWED_LINEAGE}").pem"
haproxy_cert_file="${haproxy_cert_dir}/$(basename "${RENEWED_LINEAGE}").pem"
failed_cert_file="/root/$(basename "${RENEWED_LINEAGE}").failed.pem"
# shellcheck disable=SC2174
mkdir --mode=700 --parents "${haproxy_cert_dir}"
chown root: "${haproxy_cert_dir}"
debug "Concatenating certificate files to ${haproxy_cert_file}"
cat "${RENEWED_LINEAGE}/fullchain.pem" "${RENEWED_LINEAGE}/privkey.pem" > "${haproxy_cert_file}"
chmod 600 "${haproxy_cert_file}"
@ -37,7 +43,7 @@ if [ -n "$(pidof haproxy)" ] && [ -n "${haproxy_bin}" ]; then
error "Key and cert don't match, we moved the file to ${failed_cert_file} for inspection"
fi
if ${haproxy_bin} -c -f /etc/haproxy/haproxy.cfg > /dev/null; then
if ${haproxy_bin} -c -f /etc/haproxy/haproxy.cfg > /dev/null 2>&1; then
debug "HAProxy detected... reloading"
systemctl reload apache2
else
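Review bot: The success branch of the HAProxy check runs `systemctl reload apache2`, so this hook does not reload HAProxy after writing the renewed bundle to `${haproxy_cert_file}` and the old certificate stays in service; the line should read `systemctl reload haproxy`. In the first hunk the private key is concatenated into `${haproxy_cert_file}` before `chmod 600` runs, and `mkdir --mode=700 --parents` does not tighten a directory that already exists, so the file may be briefly readable under whatever umask the hook inherits (not visible here). Creating it with a restrictive mask closes that window: `(umask 077; cat "${RENEWED_LINEAGE}/fullchain.pem" "${RENEWED_LINEAGE}/privkey.pem" > "${haproxy_cert_file}")`. The enclosing `if` block continues outside both hunks.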


@ -1,5 +1,6 @@
#!/bin/sh
readonly PROGNAME=$(basename "$0")
readonly VERBOSE=${VERBOSE:-"0"}
readonly QUIET=${QUIET:-"0"}
@ -16,8 +17,8 @@ debug() {
nginx_bin=$(command -v nginx)
if [ -n "$(pidof nginx)" ] && [ -n "${nginx_bin}" ]; then
if grep --dereference-recursive -E "letsencrypt" /etc/nginx/sites-enabled; then
if ${nginx_bin} -t > /dev/null; then
if grep -q --dereference-recursive -E "letsencrypt" /etc/nginx/sites-enabled; then
if ${nginx_bin} -t > /dev/null 2>&1; then
debug "Nginx detected... reloading"
systemctl reload nginx
else


@ -1,5 +1,6 @@
#!/bin/sh
readonly PROGNAME=$(basename "$0")
readonly VERBOSE=${VERBOSE:-"0"}
readonly QUIET=${QUIET:-"0"}
@ -17,7 +18,7 @@ postconf_bin=$(command -v postconf)
if [ -n "$(pidof master)" ] && [ -n "${postconf_bin}" ]; then
if ${postconf_bin} | grep -E "^smtpd_tls_cert_file" | grep -q "letsencrypt"; then
if ${postconf_bin} > /dev/null; then
if ${postconf_bin} > /dev/null 2>&1; then
debug "Postfix detected... reloading"
systemctl reload postfix
else