mirror of
https://github.com/dehydrated-io/dehydrated.git
synced 2026-07-07 21:45:14 +02:00
Use consistent indent in hook.sh
This commit is contained in:
committed by
Lukas Schauer
parent
71f6bc617e
commit
e17456778f
+151
-151
@@ -1,199 +1,199 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
deploy_challenge() {
|
deploy_challenge() {
|
||||||
local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
|
local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
|
||||||
|
|
||||||
# This hook is called once for every domain that needs to be
|
# This hook is called once for every domain that needs to be
|
||||||
# validated, including any alternative names you may have listed.
|
# validated, including any alternative names you may have listed.
|
||||||
#
|
#
|
||||||
# Parameters:
|
# Parameters:
|
||||||
# - DOMAIN
|
# - DOMAIN
|
||||||
# The domain name (CN or subject alternative name) being
|
# The domain name (CN or subject alternative name) being
|
||||||
# validated.
|
# validated.
|
||||||
# - TOKEN_FILENAME
|
# - TOKEN_FILENAME
|
||||||
# The name of the file containing the token to be served for HTTP
|
# The name of the file containing the token to be served for HTTP
|
||||||
# validation. Should be served by your web server as
|
# validation. Should be served by your web server as
|
||||||
# /.well-known/acme-challenge/${TOKEN_FILENAME}.
|
# /.well-known/acme-challenge/${TOKEN_FILENAME}.
|
||||||
# - TOKEN_VALUE
|
# - TOKEN_VALUE
|
||||||
# The token value that needs to be served for validation. For DNS
|
# The token value that needs to be served for validation. For DNS
|
||||||
# validation, this is what you want to put in the _acme-challenge
|
# validation, this is what you want to put in the _acme-challenge
|
||||||
# TXT record. For HTTP validation it is the value that is expected
|
# TXT record. For HTTP validation it is the value that is expected
|
||||||
# be found in the $TOKEN_FILENAME file.
|
# be found in the $TOKEN_FILENAME file.
|
||||||
|
|
||||||
# Simple example: Use nsupdate with local named
|
# Simple example: Use nsupdate with local named
|
||||||
# printf 'server 127.0.0.1\nupdate add _acme-challenge.%s 300 IN TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /var/run/named/session.key
|
# printf 'server 127.0.0.1\nupdate add _acme-challenge.%s 300 IN TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /var/run/named/session.key
|
||||||
}
|
}
|
||||||
|
|
||||||
clean_challenge() {
|
clean_challenge() {
|
||||||
local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
|
local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
|
||||||
|
|
||||||
# This hook is called after attempting to validate each domain,
|
# This hook is called after attempting to validate each domain,
|
||||||
# whether or not validation was successful. Here you can delete
|
# whether or not validation was successful. Here you can delete
|
||||||
# files or DNS records that are no longer needed.
|
# files or DNS records that are no longer needed.
|
||||||
#
|
#
|
||||||
# The parameters are the same as for deploy_challenge.
|
# The parameters are the same as for deploy_challenge.
|
||||||
|
|
||||||
# Simple example: Use nsupdate with local named
|
# Simple example: Use nsupdate with local named
|
||||||
# printf 'server 127.0.0.1\nupdate delete _acme-challenge.%s TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /var/run/named/session.key
|
# printf 'server 127.0.0.1\nupdate delete _acme-challenge.%s TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /var/run/named/session.key
|
||||||
}
|
}
|
||||||
|
|
||||||
sync_cert() {
|
sync_cert() {
|
||||||
local KEYFILE="${1}" CERTFILE="${2}" FULLCHAINFILE="${3}" CHAINFILE="${4}" REQUESTFILE="${5}"
|
local KEYFILE="${1}" CERTFILE="${2}" FULLCHAINFILE="${3}" CHAINFILE="${4}" REQUESTFILE="${5}"
|
||||||
|
|
||||||
# This hook is called after the certificates have been created but before
|
# This hook is called after the certificates have been created but before
|
||||||
# they are symlinked. This allows you to sync the files to disk to prevent
|
# they are symlinked. This allows you to sync the files to disk to prevent
|
||||||
# creating a symlink to empty files on unexpected system crashes.
|
# creating a symlink to empty files on unexpected system crashes.
|
||||||
#
|
#
|
||||||
# This hook is not intended to be used for further processing of certificate
|
# This hook is not intended to be used for further processing of certificate
|
||||||
# files, see deploy_cert for that.
|
# files, see deploy_cert for that.
|
||||||
#
|
#
|
||||||
# Parameters:
|
# Parameters:
|
||||||
# - KEYFILE
|
# - KEYFILE
|
||||||
# The path of the file containing the private key.
|
# The path of the file containing the private key.
|
||||||
# - CERTFILE
|
# - CERTFILE
|
||||||
# The path of the file containing the signed certificate.
|
# The path of the file containing the signed certificate.
|
||||||
# - FULLCHAINFILE
|
# - FULLCHAINFILE
|
||||||
# The path of the file containing the full certificate chain.
|
# The path of the file containing the full certificate chain.
|
||||||
# - CHAINFILE
|
# - CHAINFILE
|
||||||
# The path of the file containing the intermediate certificate(s).
|
# The path of the file containing the intermediate certificate(s).
|
||||||
# - REQUESTFILE
|
# - REQUESTFILE
|
||||||
# The path of the file containing the certificate signing request.
|
# The path of the file containing the certificate signing request.
|
||||||
|
|
||||||
# Simple example: sync the files before symlinking them
|
# Simple example: sync the files before symlinking them
|
||||||
# sync "${KEYFILE}" "${CERTFILE}" "${FULLCHAINFILE}" "${CHAINFILE}" "${REQUESTFILE}"
|
# sync "${KEYFILE}" "${CERTFILE}" "${FULLCHAINFILE}" "${CHAINFILE}" "${REQUESTFILE}"
|
||||||
}
|
}
|
||||||
|
|
||||||
deploy_cert() {
|
deploy_cert() {
|
||||||
local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
|
local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
|
||||||
|
|
||||||
# This hook is called once for each certificate that has been
|
# This hook is called once for each certificate that has been
|
||||||
# produced. Here you might, for instance, copy your new certificates
|
# produced. Here you might, for instance, copy your new certificates
|
||||||
# to service-specific locations and reload the service.
|
# to service-specific locations and reload the service.
|
||||||
#
|
#
|
||||||
# Parameters:
|
# Parameters:
|
||||||
# - DOMAIN
|
# - DOMAIN
|
||||||
# The primary domain name, i.e. the certificate common
|
# The primary domain name, i.e. the certificate common
|
||||||
# name (CN).
|
# name (CN).
|
||||||
# - KEYFILE
|
# - KEYFILE
|
||||||
# The path of the file containing the private key.
|
# The path of the file containing the private key.
|
||||||
# - CERTFILE
|
# - CERTFILE
|
||||||
# The path of the file containing the signed certificate.
|
# The path of the file containing the signed certificate.
|
||||||
# - FULLCHAINFILE
|
# - FULLCHAINFILE
|
||||||
# The path of the file containing the full certificate chain.
|
# The path of the file containing the full certificate chain.
|
||||||
# - CHAINFILE
|
# - CHAINFILE
|
||||||
# The path of the file containing the intermediate certificate(s).
|
# The path of the file containing the intermediate certificate(s).
|
||||||
# - TIMESTAMP
|
# - TIMESTAMP
|
||||||
# Timestamp when the specified certificate was created.
|
# Timestamp when the specified certificate was created.
|
||||||
|
|
||||||
# Simple example: Copy file to nginx config
|
# Simple example: Copy file to nginx config
|
||||||
# cp "${KEYFILE}" "${FULLCHAINFILE}" /etc/nginx/ssl/; chown -R nginx: /etc/nginx/ssl
|
# cp "${KEYFILE}" "${FULLCHAINFILE}" /etc/nginx/ssl/; chown -R nginx: /etc/nginx/ssl
|
||||||
# systemctl reload nginx
|
# systemctl reload nginx
|
||||||
}
|
}
|
||||||
|
|
||||||
deploy_ocsp() {
|
deploy_ocsp() {
|
||||||
local DOMAIN="${1}" OCSPFILE="${2}" TIMESTAMP="${3}"
|
local DOMAIN="${1}" OCSPFILE="${2}" TIMESTAMP="${3}"
|
||||||
|
|
||||||
# This hook is called once for each updated ocsp stapling file that has
|
# This hook is called once for each updated ocsp stapling file that has
|
||||||
# been produced. Here you might, for instance, copy your new ocsp stapling
|
# been produced. Here you might, for instance, copy your new ocsp stapling
|
||||||
# files to service-specific locations and reload the service.
|
# files to service-specific locations and reload the service.
|
||||||
#
|
#
|
||||||
# Parameters:
|
# Parameters:
|
||||||
# - DOMAIN
|
# - DOMAIN
|
||||||
# The primary domain name, i.e. the certificate common
|
# The primary domain name, i.e. the certificate common
|
||||||
# name (CN).
|
# name (CN).
|
||||||
# - OCSPFILE
|
# - OCSPFILE
|
||||||
# The path of the ocsp stapling file
|
# The path of the ocsp stapling file
|
||||||
# - TIMESTAMP
|
# - TIMESTAMP
|
||||||
# Timestamp when the specified ocsp stapling file was created.
|
# Timestamp when the specified ocsp stapling file was created.
|
||||||
|
|
||||||
# Simple example: Copy file to nginx config
|
# Simple example: Copy file to nginx config
|
||||||
# cp "${OCSPFILE}" /etc/nginx/ssl/; chown -R nginx: /etc/nginx/ssl
|
# cp "${OCSPFILE}" /etc/nginx/ssl/; chown -R nginx: /etc/nginx/ssl
|
||||||
# systemctl reload nginx
|
# systemctl reload nginx
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
unchanged_cert() {
|
unchanged_cert() {
|
||||||
local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
|
local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
|
||||||
|
|
||||||
# This hook is called once for each certificate that is still
|
# This hook is called once for each certificate that is still
|
||||||
# valid and therefore wasn't reissued.
|
# valid and therefore wasn't reissued.
|
||||||
#
|
#
|
||||||
# Parameters:
|
# Parameters:
|
||||||
# - DOMAIN
|
# - DOMAIN
|
||||||
# The primary domain name, i.e. the certificate common
|
# The primary domain name, i.e. the certificate common
|
||||||
# name (CN).
|
# name (CN).
|
||||||
# - KEYFILE
|
# - KEYFILE
|
||||||
# The path of the file containing the private key.
|
# The path of the file containing the private key.
|
||||||
# - CERTFILE
|
# - CERTFILE
|
||||||
# The path of the file containing the signed certificate.
|
# The path of the file containing the signed certificate.
|
||||||
# - FULLCHAINFILE
|
# - FULLCHAINFILE
|
||||||
# The path of the file containing the full certificate chain.
|
# The path of the file containing the full certificate chain.
|
||||||
# - CHAINFILE
|
# - CHAINFILE
|
||||||
# The path of the file containing the intermediate certificate(s).
|
# The path of the file containing the intermediate certificate(s).
|
||||||
}
|
}
|
||||||
|
|
||||||
invalid_challenge() {
|
invalid_challenge() {
|
||||||
local DOMAIN="${1}" RESPONSE="${2}"
|
local DOMAIN="${1}" RESPONSE="${2}"
|
||||||
|
|
||||||
# This hook is called if the challenge response has failed, so domain
|
# This hook is called if the challenge response has failed, so domain
|
||||||
# owners can be aware and act accordingly.
|
# owners can be aware and act accordingly.
|
||||||
#
|
#
|
||||||
# Parameters:
|
# Parameters:
|
||||||
# - DOMAIN
|
# - DOMAIN
|
||||||
# The primary domain name, i.e. the certificate common
|
# The primary domain name, i.e. the certificate common
|
||||||
# name (CN).
|
# name (CN).
|
||||||
# - RESPONSE
|
# - RESPONSE
|
||||||
# The response that the verification server returned
|
# The response that the verification server returned
|
||||||
|
|
||||||
# Simple example: Send mail to root
|
# Simple example: Send mail to root
|
||||||
# printf "Subject: Validation of ${DOMAIN} failed!\n\nOh noez!" | sendmail root
|
# printf "Subject: Validation of ${DOMAIN} failed!\n\nOh noez!" | sendmail root
|
||||||
}
|
}
|
||||||
|
|
||||||
request_failure() {
|
request_failure() {
|
||||||
local STATUSCODE="${1}" REASON="${2}" REQTYPE="${3}" HEADERS="${4}"
|
local STATUSCODE="${1}" REASON="${2}" REQTYPE="${3}" HEADERS="${4}"
|
||||||
|
|
||||||
# This hook is called when an HTTP request fails (e.g., when the ACME
|
# This hook is called when an HTTP request fails (e.g., when the ACME
|
||||||
# server is busy, returns an error, etc). It will be called upon any
|
# server is busy, returns an error, etc). It will be called upon any
|
||||||
# response code that does not start with '2'. Useful to alert admins
|
# response code that does not start with '2'. Useful to alert admins
|
||||||
# about problems with requests.
|
# about problems with requests.
|
||||||
#
|
#
|
||||||
# Parameters:
|
# Parameters:
|
||||||
# - STATUSCODE
|
# - STATUSCODE
|
||||||
# The HTML status code that originated the error.
|
# The HTML status code that originated the error.
|
||||||
# - REASON
|
# - REASON
|
||||||
# The specified reason for the error.
|
# The specified reason for the error.
|
||||||
# - REQTYPE
|
# - REQTYPE
|
||||||
# The kind of request that was made (GET, POST...)
|
# The kind of request that was made (GET, POST...)
|
||||||
# - HEADERS
|
# - HEADERS
|
||||||
# HTTP headers returned by the CA
|
# HTTP headers returned by the CA
|
||||||
|
|
||||||
# Simple example: Send mail to root
|
# Simple example: Send mail to root
|
||||||
# printf "Subject: HTTP request failed failed!\n\nA http request failed with status ${STATUSCODE}!" | sendmail root
|
# printf "Subject: HTTP request failed failed!\n\nA http request failed with status ${STATUSCODE}!" | sendmail root
|
||||||
}
|
}
|
||||||
|
|
||||||
generate_csr() {
|
generate_csr() {
|
||||||
local DOMAIN="${1}" CERTDIR="${2}" ALTNAMES="${3}"
|
local DOMAIN="${1}" CERTDIR="${2}" ALTNAMES="${3}"
|
||||||
|
|
||||||
# This hook is called before any certificate signing operation takes place.
|
# This hook is called before any certificate signing operation takes place.
|
||||||
# It can be used to generate or fetch a certificate signing request with external
|
# It can be used to generate or fetch a certificate signing request with external
|
||||||
# tools.
|
# tools.
|
||||||
# The output should be just the certificate signing request formatted as PEM.
|
# The output should be just the certificate signing request formatted as PEM.
|
||||||
#
|
#
|
||||||
# Parameters:
|
# Parameters:
|
||||||
# - DOMAIN
|
# - DOMAIN
|
||||||
# The primary domain as specified in domains.txt. This does not need to
|
# The primary domain as specified in domains.txt. This does not need to
|
||||||
# match with the domains in the CSR, it's basically just the directory name.
|
# match with the domains in the CSR, it's basically just the directory name.
|
||||||
# - CERTDIR
|
# - CERTDIR
|
||||||
# Certificate output directory for this particular certificate. Can be used
|
# Certificate output directory for this particular certificate. Can be used
|
||||||
# for storing additional files.
|
# for storing additional files.
|
||||||
# - ALTNAMES
|
# - ALTNAMES
|
||||||
# All domain names for the current certificate as specified in domains.txt.
|
# All domain names for the current certificate as specified in domains.txt.
|
||||||
# Again, this doesn't need to match with the CSR, it's just there for convenience.
|
# Again, this doesn't need to match with the CSR, it's just there for convenience.
|
||||||
|
|
||||||
# Simple example: Look for pre-generated CSRs
|
# Simple example: Look for pre-generated CSRs
|
||||||
# if [ -e "${CERTDIR}/pre-generated.csr" ]; then
|
# if [ -e "${CERTDIR}/pre-generated.csr" ]; then
|
||||||
# cat "${CERTDIR}/pre-generated.csr"
|
# cat "${CERTDIR}/pre-generated.csr"
|
||||||
# fi
|
# fi
|
||||||
}
|
}
|
||||||
|
|
||||||
startup_hook() {
|
startup_hook() {
|
||||||
|
|||||||
Reference in New Issue
Block a user