From 7ec074838367fa9b8fd60eb0ef93310077d0066b Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Thu, 24 Dec 2020 13:56:11 +0100
Subject: [PATCH] certbot: detect domains if missing
---
 CHANGELOG.md | 1 +
 certbot/files/hooks/z-commit-etc.sh | 11 ++++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1daccf1e..b868e562 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ The **patch** part changes incrementally at each release.
 ### Added
+* certbot: detect domains if missing
 * certbot: new "sync_remote.sh" hook to sync certificates and execute hooks on remote servers
 * varnish: variable for jail configuration
diff --git a/certbot/files/hooks/z-commit-etc.sh b/certbot/files/hooks/z-commit-etc.sh
index c83a4039..5442bbc6 100644
--- a/certbot/files/hooks/z-commit-etc.sh
+++ b/certbot/files/hooks/z-commit-etc.sh
@@ -9,6 +9,13 @@ debug() {
 >&2 echo "${PROGNAME}: $1"
 fi
 }
+domain_from_cert() {
+ if [ -f "${RENEWED_LINEAGE}/fullchain.pem" ]; then
+ openssl x509 -noout -subject -in "${RENEWED_LINEAGE}/fullchain.pem" | sed 's/^.*CN\ *=\ *//'
+ else
+ debug "Unable to find \`${RENEWED_LINEAGE}/fullchain.pem', skip domain detection."
+ fi
+}
 main() {
 export GIT_DIR="/etc/.git"
 export GIT_WORK_TREE="/etc"
@@ -17,6 +24,9 @@ main() {
 changed_lines=$(${git_bin} status --porcelain | wc -l | tr -d ' ')
 if [ "${changed_lines}" != "0" ]; then
+ if [ -z "${RENEWED_DOMAINS}" ] && [ -n "${RENEWED_LINEAGE}" ]; then
+ RENEWED_DOMAINS=$(domain_from_cert)
+ fi
 debug "Committing for ${RENEWED_DOMAINS}"
 ${git_bin} add --all
 message="[letsencrypt] certificates renewal (${RENEWED_DOMAINS})"
@@ -32,6 +42,5 @@ readonly VERBOSE=${VERBOSE:-"0"}
 readonly QUIET=${QUIET:-"0"}
 readonly git_bin=$(command -v git)
-readonly letsencrypt_dir=/etc/letsencrypt
 main
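Review bot: `domain_from_cert` in certbot/files/hooks/z-commit-etc.sh reads only the subject CN, so a certificate covering several names yields one domain in the commit message where certbot's `RENEWED_DOMAINS` would list all of them. A subject without a CN passes through the `sed` unchanged, which puts the whole subject line into the message. I would make the substitution print only on a match, `sed -n 's/^.*CN *= *//p'`, and document the limit above the function with `# Best-effort: prints the subject CN of the first certificate in fullchain.pem; SAN entries are not read.`. If `openssl` cannot parse the file the function prints nothing and the pipeline still returns the status of `sed`, so the caller cannot tell that case from a missing file.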
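Review bot: In the `main()` hunk at `@@ -17,6 +24,9 @@`, `RENEWED_DOMAINS` stays empty when `RENEWED_LINEAGE` is also unset or when detection prints nothing, and the commit message then ends in `()`. A fallback after the new `if`, such as `RENEWED_DOMAINS=${RENEWED_DOMAINS:-unknown}`, would keep the history readable. The value can now come from certificate contents rather than from certbot, so the `git commit` call should receive it as a single quoted argument, `-m "${message}"`; that call is outside this hunk and I cannot see whether it already does. `main` starts and ends outside the hunk.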