certbot: check syntax in hooks just before reload

Jérémy Lecour 2019-09-27 09:31:22 +02:00 committed by Jérémy Lecour
parent 394e28b815
commit 86108999c1
5 changed files with 45 additions and 40 deletions


@ -13,18 +13,19 @@ debug() {
fi
}
if [ -n "$(pidof apache2)" ]; then
apache2ctl_bin=$(command -v apache2ctl)
if ${apache2ctl_bin} configtest > /dev/null; then
if grep --dereference-recursive -E "^\s*SSLCertificate" /etc/apache2/sites-enabled | grep -q "letsencrypt"; then
apache2ctl_bin=$(command -v apache2ctl)
if [ -n "$(pidof apache2)" ] && [ -n "${apache2ctl_bin}" ]; then
if grep -r -E "letsencrypt" /etc/apache2/; then
if ${apache2ctl_bin} configtest > /dev/null; then
debug "Apache detected... reloading"
systemctl reload apache2
else
debug "Apache doesn't use Let's Encrypt certificate. Skip."
error "Apache config is broken, you must fix it !"
fi
else
error "Apache config is broken, you must fix it !"
debug "Apache doesn't use Let's Encrypt certificate. Skip."
fi
else
debug "Apache is not running. Skip."
debug "Apache is not running or missing. Skip."
fi
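Review bot: The new detection line `grep -r -E "letsencrypt" /etc/apache2/` has no `-q`, so every matching line is printed to stdout on each renewal, and by dropping the `^\s*SSLCertificate` anchor and widening from `sites-enabled` to the whole of `/etc/apache2/` it also matches commented-out directives and disabled vhosts in `sites-available`, which would make the hook run `configtest` and reload Apache on hosts where no active vhost uses the certificate. At minimum make it `if grep -rqE "letsencrypt" /etc/apache2/; then`; keeping `--dereference-recursive` on `/etc/apache2/sites-enabled` would preserve the "only active config" semantics the old line had. `${apache2ctl_bin}` is still expanded unquoted on the configtest line; quoting it costs nothing.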


@ -13,18 +13,19 @@ debug() {
fi
}
if [ -n "$(pidof dovecot)" ]; then
doveconf_bin=$(command -v doveconf)
if ${doveconf_bin} > /dev/null; then
if ${doveconf_bin} | grep -E "^ssl_cert[^_]" | grep -q "letsencrypt"; then
doveconf_bin=$(command -v doveconf)
if [ -n "$(pidof dovecot)" ] && [ -n "${doveconf_bin}" ]; then
if ${doveconf_bin} | grep -E "^ssl_cert[^_]" | grep -q "letsencrypt"; then
if ${doveconf_bin} > /dev/null; then
debug "Dovecot detected... reloading"
systemctl reload dovecot
else
debug "Dovecot doesn't use Let's Encrypt certificate. Skip."
error "Dovecot config is broken, you must fix it !"
fi
else
error "Dovecot config is broken, you must fix it !"
debug "Dovecot doesn't use Let's Encrypt certificate. Skip."
fi
else
debug "Dovecot is not running. Skip."
debug "Dovecot is not running or missing. Skip."
fi
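Review bot: With the syntax check moved inside the certificate check, `doveconf` is now run first as the source of the `grep` pipeline, so a config that is broken enough for `doveconf` to fail produces empty output, the pipeline's status is that of `grep -q`, and the hook takes the "Dovecot doesn't use Let's Encrypt certificate. Skip." branch instead of reporting the broken config; the inner `if ${doveconf_bin} > /dev/null` is only reached after the same command already succeeded, so its error branch is effectively unreachable. Running `doveconf` once, capturing its exit status and then grepping the captured output keeps the syntax check before the reload and reports failures correctly. Whether `set -o pipefail` is active is not visible here; the outcome is the same either way.
```shell
doveconf_bin=$(command -v doveconf)
if [ -n "$(pidof dovecot)" ] && [ -n "${doveconf_bin}" ]; then
  # Run doveconf once: a parse failure is a broken config, not "no Let's Encrypt cert".
  if ! doveconf_output=$("${doveconf_bin}" 2>/dev/null); then
    error "Dovecot config is broken, you must fix it !"
  elif printf '%s\n' "${doveconf_output}" | grep -E "^ssl_cert[^_]" | grep -q "letsencrypt"; then
    debug "Dovecot detected... reloading"
    systemctl reload dovecot
  else
    debug "Dovecot doesn't use Let's Encrypt certificate. Skip."
  fi
# … unchanged: "not running or missing" else branch …
```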


@ -17,25 +17,26 @@ if [ -z "${RENEWED_LINEAGE}" ]; then
error "This script must be called only by certbot!"
fi
if [ -n "$(pidof haproxy)" ]; then
haproxy_bin=$(command -v haproxy)
if ${haproxy_bin} -c -f /etc/haproxy/haproxy.cfg > /dev/null; then
if [ -f "${RENEWED_LINEAGE}/fullchain.pem" ] && [ -f "${RENEWED_LINEAGE}/privkey.pem" ]; then
haproxy_cert_file="/etc/ssl/haproxy/$(basename "${RENEWED_LINEAGE}").pem"
haproxy_bin=$(command -v haproxy)
debug "Concatenating certificate files to ${haproxy_cert_file}"
cat "${RENEWED_LINEAGE}/fullchain.pem" "${RENEWED_LINEAGE}/privkey.pem" > "${haproxy_cert_file}"
chmod 600 "${haproxy_cert_file}"
chown root: "${haproxy_cert_file}"
if [ -n "$(pidof haproxy)" ] && [ -n "${haproxy_bin}" ]; then
if [ -f "${RENEWED_LINEAGE}/fullchain.pem" ] && [ -f "${RENEWED_LINEAGE}/privkey.pem" ]; then
haproxy_cert_file="/etc/ssl/haproxy/$(basename "${RENEWED_LINEAGE}").pem"
debug "Concatenating certificate files to ${haproxy_cert_file}"
cat "${RENEWED_LINEAGE}/fullchain.pem" "${RENEWED_LINEAGE}/privkey.pem" > "${haproxy_cert_file}"
chmod 600 "${haproxy_cert_file}"
chown root: "${haproxy_cert_file}"
if ${haproxy_bin} -c -f /etc/haproxy/haproxy.cfg > /dev/null; then
debug "HAProxy detected... reloading"
systemctl reload apache2
else
error "Couldn't find ${RENEWED_LINEAGE}/fullchain.pem or ${RENEWED_LINEAGE}/privkey.pem"
error "HAProxy config is broken, you must fix it !"
fi
else
error "HAProxy config is broken, you must fix it !"
error "Couldn't find ${RENEWED_LINEAGE}/fullchain.pem or ${RENEWED_LINEAGE}/privkey.pem"
fi
else
debug "HAProxy is not running. Skip."
debug "HAProxy is not running or missing. Skip."
fi
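Review bot: The reload target is wrong: after the HAProxy config check passes, the hook runs `systemctl reload apache2`, so HAProxy never picks up the freshly concatenated certificate; it should be `systemctl reload haproxy`. The combined PEM, which contains the private key, is created by the `cat ... > "${haproxy_cert_file}"` redirect with the process umask before `chmod 600` runs, leaving a window where it may be world-readable; wrapping the write as `( umask 077; cat "${RENEWED_LINEAGE}/fullchain.pem" "${RENEWED_LINEAGE}/privkey.pem" > "${haproxy_cert_file}" )` closes it. Note also that the file is now written before the `-c` check, so a broken config leaves the new certificate on disk but unserved, which is acceptable but worth a comment on the `cat` line. Whether `/etc/ssl/haproxy` is guaranteed to exist is not visible from this hunk.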


@ -13,18 +13,19 @@ debug() {
fi
}
if [ -n "$(pidof nginx)" ]; then
nginx_bin=$(command -v nginx)
if ${nginx_bin} -t > /dev/null; then
if grep --dereference-recursive -E "^\s*ssl_certificate" /etc/nginx/sites-enabled | grep -q "letsencrypt"; then
nginx_bin=$(command -v nginx)
if [ -n "$(pidof nginx)" ] && [ -n "${nginx_bin}" ]; then
if grep --dereference-recursive -E "letsencrypt" /etc/nginx/sites-enabled; then
if ${nginx_bin} -t > /dev/null; then
debug "Nginx detected... reloading"
systemctl reload nginx
else
debug "Nginx doesn't use Let's Encrypt certificate. Skip."
error "Nginx config is broken, you must fix it !"
fi
else
error "Nginx config is broken, you must fix it !"
debug "Nginx doesn't use Let's Encrypt certificate. Skip."
fi
else
debug "Nginx is not running. Skip."
debug "Nginx is not running or missing. Skip."
fi
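Review bot: The new detection line `grep --dereference-recursive -E "letsencrypt" /etc/nginx/sites-enabled` lacks `-q`, so every matching line is echoed to stdout on each renewal run. Dropping the `^\s*ssl_certificate` anchor also means a commented-out directive or an `include /etc/letsencrypt/...` line now triggers `nginx -t` and a reload; if that widening is intended, a short comment saying so would help, otherwise restore the anchor. Suggested line: `if grep -Rq "letsencrypt" /etc/nginx/sites-enabled; then`. `${nginx_bin}` is still expanded unquoted on the `-t` line.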


@ -13,18 +13,19 @@ debug() {
fi
}
if [ -n "$(pidof master)" ]; then
postconf_bin=$(command -v postconf)
if ${postconf_bin} > /dev/null; then
if ${postconf_bin} | grep -E "^smtpd_tls_cert_file" | grep -q "letsencrypt"; then
postconf_bin=$(command -v postconf)
if [ -n "$(pidof master)" ] && [ -n "${postconf_bin}" ]; then
if ${postconf_bin} | grep -E "^smtpd_tls_cert_file" | grep -q "letsencrypt"; then
if ${postconf_bin} > /dev/null; then
debug "Postfix detected... reloading"
systemctl reload postfix
else
debug "Postfix doesn't use Let's Encrypt certificate. Skip."
error "Postfix config is broken, you must fix it !"
fi
else
error "Postfix config is broken, you must fix it !"
debug "Postfix doesn't use Let's Encrypt certificate. Skip."
fi
else
debug "Postfix is not running. Skip."
debug "Postfix is not running or missing. Skip."
fi
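Review bot: Same ordering problem as the Dovecot hook: `postconf` is now run first as the source of the `grep` pipeline, so if it fails on a broken `main.cf` the pipeline yields empty output, the status is that of `grep -q`, and the hook logs "Postfix doesn't use Let's Encrypt certificate. Skip." instead of the error; the inner `if ${postconf_bin} > /dev/null` only runs after the same command already succeeded. Running `postconf` once and testing its status before grepping the captured output fixes both. Separately, `pidof master` is not specific to Postfix (any process named `master` matches), and the `^smtpd_tls_cert_file` match presumably misses setups that use `smtpd_tls_chain_files`; both worth a TODO comment rather than a silent assumption.
```shell
postconf_bin=$(command -v postconf)
if [ -n "$(pidof master)" ] && [ -n "${postconf_bin}" ]; then
  # Run postconf once: a failure is a broken config, not "no Let's Encrypt cert".
  if ! postconf_output=$("${postconf_bin}" 2>/dev/null); then
    error "Postfix config is broken, you must fix it !"
  elif printf '%s\n' "${postconf_output}" | grep -E "^smtpd_tls_cert_file" | grep -q "letsencrypt"; then
    debug "Postfix detected... reloading"
    systemctl reload postfix
  else
    debug "Postfix doesn't use Let's Encrypt certificate. Skip."
  fi
# … unchanged: "not running or missing" else branch …
```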