From 705fb54e927e1df4515e99639e90095f0863470b Mon Sep 17 00:00:00 2001
From: lschuermann
Date: Tue, 1 Mar 2016 22:29:15 +0100
Subject: [PATCH 1/3] Add hook for unchanged certificates.
---
 hook.sh.example | 20 ++++++++++++++++++++
 letsencrypt.sh | 4 +++-
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/hook.sh.example b/hook.sh.example
index 41d32a0..3381682 100644
--- a/hook.sh.example
+++ b/hook.sh.example
@@ -52,4 +52,24 @@ function deploy_cert {
 # The path of the file containing the intermediate certificate(s).
 }
 
+function unchanged_cert {
+ local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
+
+ # This hook is called once for each certificate that is still
+ # valid and therefore wasn't reissued.
+ #
+ # Parameters:
+ # - DOMAIN
+ # The primary domain name, i.e. the certificate common
+ # name (CN).
+ # - KEYFILE
+ # The path of the file containing the private key.
+ # - CERTFILE
+ # The path of the file containing the signed certificate.
+ # - FULLCHAINFILE
+ # The path of the file containing the full certificate chain.
+ # - CHAINFILE
+ # The path of the file containing the intermediate certificate(s).
+}
+
 HANDLER=$1; shift; $HANDLER $@
diff --git a/letsencrypt.sh b/letsencrypt.sh
index 99f5592..fe90145 100755
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -598,7 +598,9 @@ command_sign_domains() {
 if [[ "${force_renew}" = "yes" ]]; then
 echo "Ignoring because renew was forced!"
 else
- echo "Skipping!"
+ # Certificate-Names unchanged and cert is still valid
+ echo "Skipping renew! Calling unchanged-hook."
+ [[ -n "${HOOK}" ]] && "${HOOK}" "unchanged_cert" "${domain}" "${BASEDIR}/certs/${domain}/privkey.pem" "${BASEDIR}/certs/${domain}/cert.pem" "${BASEDIR}/certs/${domain}/fullchain.pem" "${BASEDIR}/certs/${domain}/chain.pem"
 continue
 fi
 else
From 64b23e7a076f02e6408f23a587391e4682a50027 Mon Sep 17 00:00:00 2001
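Review bot: The header comment of the new `unchanged_cert` function says the hook runs for certificates that are "still valid", but the caller added to letsencrypt.sh in this same patch reaches it on the "names unchanged" path after the renewal decision has already been made (that decision is outside the hunk), and a certificate can be valid yet still due for renewal, so "valid" overstates what the hook means. Suggest `# This hook is called once for each certificate whose domain list is unchanged and which was not due for renewal, and therefore wasn't reissued.` so a hook author knows not to treat the call as a validity check. The description would also read better placed above the `local` line, since the parameters it documents are introduced there. The function is complete inside the hunk; the dispatcher line that follows it is pre-existing context.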
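Review bot: The hook invocation added before `continue` leaves a failing hook unreported: with `[[ -n "${HOOK}" ]] && "${HOOK}" ...` the hook's exit status becomes the list's status, so if the script runs under `set -e` (not visible in the hunk) a hook error aborts the whole cron run without naming the domain, and otherwise the failure is silently ignored. Packing six quoted arguments onto one roughly 250-character line also makes the call hard to check against the argument order that `unchanged_cert` documents. Rewriting it as an `if` block with one argument per line and an explicit diagnostic keeps the abort semantics while making the failure attributable to a domain; `command_sign_domains` starts and ends outside the hunk.
```shell
        if [[ -n "${HOOK}" ]]; then
          "${HOOK}" "unchanged_cert" "${domain}" \
            "${BASEDIR}/certs/${domain}/privkey.pem" \
            "${BASEDIR}/certs/${domain}/cert.pem" \
            "${BASEDIR}/certs/${domain}/fullchain.pem" \
            "${BASEDIR}/certs/${domain}/chain.pem" \
            || { echo "unchanged_cert hook failed for ${domain}" >&2; exit 1; }
        fi
        continue
```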
From: lschuermann
Date: Tue, 1 Mar 2016 22:41:37 +0100
Subject: [PATCH 2/3] Edit test according to unchanged-certificate hook.
---
 test.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test.sh b/test.sh
index c673372..dcb3d78 100755
--- a/test.sh
+++ b/test.sh
@@ -153,7 +153,7 @@ _TEST "Run in cron mode again, this time with domain in domains.txt, should find
 echo "${TMP_URL} ${TMP2_URL} ${TMP3_URL}" >> domains.txt
 ./letsencrypt.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed"
 _CHECK_LOG "Checking domain name(s) of existing cert... unchanged."
-_CHECK_LOG "Skipping!"
+_CHECK_LOG "Skipping renew"
 _CHECK_ERRORLOG
 
 # Run in cron mode one last time, with domain in domains.txt and force-resign (should find certificate, resign anyway, and not generate private key)
From dd33de59d8ac534d13a582deaa449203348836f7 Mon Sep 17 00:00:00 2001
From: lschuermann
Date: Sat, 19 Mar 2016 09:07:47 +0100
Subject: [PATCH 3/3] Change unchanged-certificate message.
---
 letsencrypt.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/letsencrypt.sh b/letsencrypt.sh
index fe90145..8afbb3c 100755
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -599,7 +599,7 @@ command_sign_domains() {
 echo "Ignoring because renew was forced!"
 else
 # Certificate-Names unchanged and cert is still valid
- echo "Skipping renew! Calling unchanged-hook."
+ echo "Skipping renew!"
 [[ -n "${HOOK}" ]] && "${HOOK}" "unchanged_cert" "${domain}" "${BASEDIR}/certs/${domain}/privkey.pem" "${BASEDIR}/certs/${domain}/cert.pem" "${BASEDIR}/certs/${domain}/fullchain.pem" "${BASEDIR}/certs/${domain}/chain.pem"
 continue
 fi
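Review bot: The updated assertion only checks that the log contains `Skipping renew`; nothing in this test verifies that the new `unchanged_cert` hook is actually invoked or receives the five paths in the order its example documents, so the hook call could be dropped or its arguments reordered without the test noticing. If the harness allows setting `HOOK` for this run (the config handling is outside the hunk), a small hook script that writes its handler name and arguments to a file, followed by a check of that file's contents, would cover the feature this series adds. Matching the prefix `Skipping renew` rather than the full message is reasonable, since the third patch in the series shortens the message and the assertion still holds.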