certbot: improve hooks
parent
3521d4a765
commit
44b2480e03
|
@ -1,5 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
readonly PROGNAME=$(basename "$0")
|
||||||
readonly VERBOSE=${VERBOSE:-"0"}
|
readonly VERBOSE=${VERBOSE:-"0"}
|
||||||
readonly QUIET=${QUIET:-"0"}
|
readonly QUIET=${QUIET:-"0"}
|
||||||
|
|
||||||
|
@ -16,8 +17,8 @@ debug() {
|
||||||
apache2ctl_bin=$(command -v apache2ctl)
|
apache2ctl_bin=$(command -v apache2ctl)
|
||||||
|
|
||||||
if [ -n "$(pidof apache2)" ] && [ -n "${apache2ctl_bin}" ]; then
|
if [ -n "$(pidof apache2)" ] && [ -n "${apache2ctl_bin}" ]; then
|
||||||
if grep -r -E "letsencrypt" /etc/apache2/; then
|
if grep -q -r -E "letsencrypt" /etc/apache2/; then
|
||||||
if ${apache2ctl_bin} configtest > /dev/null; then
|
if ${apache2ctl_bin} configtest > /dev/null 2>&1; then
|
||||||
debug "Apache detected... reloading"
|
debug "Apache detected... reloading"
|
||||||
systemctl reload apache2
|
systemctl reload apache2
|
||||||
else
|
else
|
||||||
|
|
|
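Review bot: Adding `2>&1` to the `${apache2ctl_bin} configtest > /dev/null` test discards the only output that says why the configuration is invalid, so when the check fails the operator gets just whatever the else branch prints (not visible in this hunk). A skipped reload means the service keeps serving the old certificate, so the reason is worth keeping. Capturing it instead, e.g. `if out=$(${apache2ctl_bin} configtest 2>&1); then`, and passing `${out}` to the failure message keeps successful runs quiet. The same applies to the `doveconf`, `haproxy -c`, `nginx -t` and `postconf` checks changed in the other hook files of this commit.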
@ -1,5 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
readonly PROGNAME=$(basename "$0")
|
||||||
readonly VERBOSE=${VERBOSE:-"0"}
|
readonly VERBOSE=${VERBOSE:-"0"}
|
||||||
readonly QUIET=${QUIET:-"0"}
|
readonly QUIET=${QUIET:-"0"}
|
||||||
|
|
||||||
|
|
|
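Review bot: `readonly PROGNAME=$(basename "$0")` combines the declaration with a command substitution, so a failing `basename` is masked by the exit status of `readonly` (ShellCheck SC2155). Under `#!/bin/sh`, some shells also word-split the unquoted substitution when it is an argument to `readonly`. Writing `PROGNAME=$(basename "$0")` followed by `readonly PROGNAME` avoids both. The same line is added at the top of the other five hook scripts in this commit.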
@ -1,5 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
readonly PROGNAME=$(basename "$0")
|
||||||
readonly VERBOSE=${VERBOSE:-"0"}
|
readonly VERBOSE=${VERBOSE:-"0"}
|
||||||
readonly QUIET=${QUIET:-"0"}
|
readonly QUIET=${QUIET:-"0"}
|
||||||
|
|
||||||
|
@ -17,7 +18,7 @@ doveconf_bin=$(command -v doveconf)
|
||||||
|
|
||||||
if [ -n "$(pidof dovecot)" ] && [ -n "${doveconf_bin}" ]; then
|
if [ -n "$(pidof dovecot)" ] && [ -n "${doveconf_bin}" ]; then
|
||||||
if ${doveconf_bin} | grep -E "^ssl_cert[^_]" | grep -q "letsencrypt"; then
|
if ${doveconf_bin} | grep -E "^ssl_cert[^_]" | grep -q "letsencrypt"; then
|
||||||
if ${doveconf_bin} > /dev/null; then
|
if ${doveconf_bin} > /dev/null 2>&1; then
|
||||||
debug "Dovecot detected... reloading"
|
debug "Dovecot detected... reloading"
|
||||||
systemctl reload dovecot
|
systemctl reload dovecot
|
||||||
else
|
else
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
readonly PROGNAME=$(basename "$0")
|
||||||
readonly VERBOSE=${VERBOSE:-"0"}
|
readonly VERBOSE=${VERBOSE:-"0"}
|
||||||
readonly QUIET=${QUIET:-"0"}
|
readonly QUIET=${QUIET:-"0"}
|
||||||
|
|
||||||
|
@ -18,12 +19,17 @@ if [ -z "${RENEWED_LINEAGE}" ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
haproxy_bin=$(command -v haproxy)
|
haproxy_bin=$(command -v haproxy)
|
||||||
|
haproxy_cert_dir="/etc/ssl/haproxy/"
|
||||||
|
|
||||||
if [ -n "$(pidof haproxy)" ] && [ -n "${haproxy_bin}" ]; then
|
if [ -n "$(pidof haproxy)" ] && [ -n "${haproxy_bin}" ]; then
|
||||||
if [ -f "${RENEWED_LINEAGE}/fullchain.pem" ] && [ -f "${RENEWED_LINEAGE}/privkey.pem" ]; then
|
if [ -f "${RENEWED_LINEAGE}/fullchain.pem" ] && [ -f "${RENEWED_LINEAGE}/privkey.pem" ]; then
|
||||||
haproxy_cert_file="/etc/ssl/haproxy/$(basename "${RENEWED_LINEAGE}").pem"
|
haproxy_cert_file="${haproxy_cert_dir}/$(basename "${RENEWED_LINEAGE}").pem"
|
||||||
failed_cert_file="/root/$(basename "${RENEWED_LINEAGE}").failed.pem"
|
failed_cert_file="/root/$(basename "${RENEWED_LINEAGE}").failed.pem"
|
||||||
|
|
||||||
|
# shellcheck disable=SC2174
|
||||||
|
mkdir --mode=700 --parents "${haproxy_cert_dir}"
|
||||||
|
chown root: "${haproxy_cert_dir}"
|
||||||
|
|
||||||
debug "Concatenating certificate files to ${haproxy_cert_file}"
|
debug "Concatenating certificate files to ${haproxy_cert_file}"
|
||||||
cat "${RENEWED_LINEAGE}/fullchain.pem" "${RENEWED_LINEAGE}/privkey.pem" > "${haproxy_cert_file}"
|
cat "${RENEWED_LINEAGE}/fullchain.pem" "${RENEWED_LINEAGE}/privkey.pem" > "${haproxy_cert_file}"
|
||||||
chmod 600 "${haproxy_cert_file}"
|
chmod 600 "${haproxy_cert_file}"
|
||||||
|
@ -37,7 +43,7 @@ if [ -n "$(pidof haproxy)" ] && [ -n "${haproxy_bin}" ]; then
|
||||||
error "Key and cert don't match, we moved the file to ${failed_cert_file} for inspection"
|
error "Key and cert don't match, we moved the file to ${failed_cert_file} for inspection"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ${haproxy_bin} -c -f /etc/haproxy/haproxy.cfg > /dev/null; then
|
if ${haproxy_bin} -c -f /etc/haproxy/haproxy.cfg > /dev/null 2>&1; then
|
||||||
debug "HAProxy detected... reloading"
|
debug "HAProxy detected... reloading"
|
||||||
systemctl reload apache2
|
systemctl reload apache2
|
||||||
else
|
else
|
||||||
|
|
|
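Review bot: The HAProxy hook still runs `systemctl reload apache2` right after `debug "HAProxy detected... reloading"`, so the renewed certificate is written to disk but HAProxy keeps serving the old one until something else reloads it; the line should be `systemctl reload haproxy`. Separately, in the hunk that adds `mkdir --mode=700 --parents "${haproxy_cert_dir}"`, the mode is not applied to a directory that already exists. The combined file containing `privkey.pem` is also created by `cat ... >` under the current umask before `chmod 600` runs. Setting `umask 077` before the `cat`, plus an explicit `chmod 700 "${haproxy_cert_dir}"` after the mkdir, closes that window. Both if blocks continue outside the visible hunks.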
@ -1,5 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
readonly PROGNAME=$(basename "$0")
|
||||||
readonly VERBOSE=${VERBOSE:-"0"}
|
readonly VERBOSE=${VERBOSE:-"0"}
|
||||||
readonly QUIET=${QUIET:-"0"}
|
readonly QUIET=${QUIET:-"0"}
|
||||||
|
|
||||||
|
@ -16,8 +17,8 @@ debug() {
|
||||||
nginx_bin=$(command -v nginx)
|
nginx_bin=$(command -v nginx)
|
||||||
|
|
||||||
if [ -n "$(pidof nginx)" ] && [ -n "${nginx_bin}" ]; then
|
if [ -n "$(pidof nginx)" ] && [ -n "${nginx_bin}" ]; then
|
||||||
if grep --dereference-recursive -E "letsencrypt" /etc/nginx/sites-enabled; then
|
if grep -q --dereference-recursive -E "letsencrypt" /etc/nginx/sites-enabled; then
|
||||||
if ${nginx_bin} -t > /dev/null; then
|
if ${nginx_bin} -t > /dev/null 2>&1; then
|
||||||
debug "Nginx detected... reloading"
|
debug "Nginx detected... reloading"
|
||||||
systemctl reload nginx
|
systemctl reload nginx
|
||||||
else
|
else
|
||||||
|
|
|
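Review bot: The detection on the `grep -q --dereference-recursive -E "letsencrypt" /etc/nginx/sites-enabled` line only looks under `sites-enabled`, whereas the Apache hook in this commit searches all of `/etc/apache2/`. A certificate path set in an included file elsewhere under `/etc/nginx/` would presumably not match, and nginx would then keep serving the old certificate after renewal. If that layout can occur on managed hosts, consider searching `/etc/nginx/` or grepping the output of `nginx -T` for the effective configuration. The if block continues outside the hunk.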
@ -1,5 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
readonly PROGNAME=$(basename "$0")
|
||||||
readonly VERBOSE=${VERBOSE:-"0"}
|
readonly VERBOSE=${VERBOSE:-"0"}
|
||||||
readonly QUIET=${QUIET:-"0"}
|
readonly QUIET=${QUIET:-"0"}
|
||||||
|
|
||||||
|
@ -17,7 +18,7 @@ postconf_bin=$(command -v postconf)
|
||||||
|
|
||||||
if [ -n "$(pidof master)" ] && [ -n "${postconf_bin}" ]; then
|
if [ -n "$(pidof master)" ] && [ -n "${postconf_bin}" ]; then
|
||||||
if ${postconf_bin} | grep -E "^smtpd_tls_cert_file" | grep -q "letsencrypt"; then
|
if ${postconf_bin} | grep -E "^smtpd_tls_cert_file" | grep -q "letsencrypt"; then
|
||||||
if ${postconf_bin} > /dev/null; then
|
if ${postconf_bin} > /dev/null 2>&1; then
|
||||||
debug "Postfix detected... reloading"
|
debug "Postfix detected... reloading"
|
||||||
systemctl reload postfix
|
systemctl reload postfix
|
||||||
else
|
else
|
||||||
|
|