mirror of
https://github.com/dehydrated-io/dehydrated.git
synced 2026-07-06 04:55:22 +02:00
new hook: sync_cert (closes #609)
This commit is contained in:
@@ -9,6 +9,7 @@ This file contains a log of major changes in dehydrated
|
|||||||
|
|
||||||
## Added
|
## Added
|
||||||
- Initial support for tls-alpn-01 validation
|
- Initial support for tls-alpn-01 validation
|
||||||
|
- New hook: sync_cert (for syncing certificate files to disk, see example hook description)
|
||||||
|
|
||||||
## [0.6.2] - 2018-04-25
|
## [0.6.2] - 2018-04-25
|
||||||
## Added
|
## Added
|
||||||
|
|||||||
@@ -1054,6 +1054,9 @@ sign_domain() {
|
|||||||
rm "${tmpcert}" "${tmpchain}"
|
rm "${tmpcert}" "${tmpchain}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Wait for hook script to sync the files before creating the symlinks
|
||||||
|
[[ -n "${HOOK}" ]] && "${HOOK}" "sync_cert" "${certdir}/privkey-${timestamp}.pem" "${certdir}/cert-${timestamp}.pem" "${certdir}/fullchain-${timestamp}.pem" "${certdir}/chain-${timestamp}.pem" "${certdir}/cert-${timestamp}.csr"
|
||||||
|
|
||||||
# Update symlinks
|
# Update symlinks
|
||||||
[[ "${privkey}" = "privkey.pem" ]] || ln -sf "privkey-${timestamp}.pem" "${certdir}/privkey.pem"
|
[[ "${privkey}" = "privkey.pem" ]] || ln -sf "privkey-${timestamp}.pem" "${certdir}/privkey.pem"
|
||||||
|
|
||||||
|
|||||||
+27
-1
@@ -37,6 +37,32 @@ clean_challenge() {
|
|||||||
# printf 'server 127.0.0.1\nupdate delete _acme-challenge.%s TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /var/run/named/session.key
|
# printf 'server 127.0.0.1\nupdate delete _acme-challenge.%s TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /var/run/named/session.key
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sync_cert() {
|
||||||
|
local KEYFILE="${1}" CERTFILE="${2}" FULLCHAINFILE="${3}" CHAINFILE="${4}" REQUESTFILE="${5}"
|
||||||
|
|
||||||
|
# This hook is called after the certificates have been created but before
|
||||||
|
# they are symlinked. This allows you to sync the files to disk to prevent
|
||||||
|
# creating a symlink to empty files on unexpected system crashes.
|
||||||
|
#
|
||||||
|
# This hook is not intended to be used for further processing of certificate
|
||||||
|
# files, see deploy_cert for that.
|
||||||
|
#
|
||||||
|
# Parameters:
|
||||||
|
# - KEYFILE
|
||||||
|
# The path of the file containing the private key.
|
||||||
|
# - CERTFILE
|
||||||
|
# The path of the file containing the signed certificate.
|
||||||
|
# - FULLCHAINFILE
|
||||||
|
# The path of the file containing the full certificate chain.
|
||||||
|
# - CHAINFILE
|
||||||
|
# The path of the file containing the intermediate certificate(s).
|
||||||
|
# - REQUESTFILE
|
||||||
|
# The path of the file containing the certificate signing request.
|
||||||
|
|
||||||
|
# Simple example: sync the files before symlinking them
|
||||||
|
# sync "${KEYFILE}" "${CERTFILE} "${FULLCHAINFILE}" "${CHAINFILE}" "${REQUESTFILE}"
|
||||||
|
}
|
||||||
|
|
||||||
deploy_cert() {
|
deploy_cert() {
|
||||||
local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
|
local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
|
||||||
|
|
||||||
@@ -189,6 +215,6 @@ exit_hook() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
HANDLER="$1"; shift
|
HANDLER="$1"; shift
|
||||||
if [[ "${HANDLER}" =~ ^(deploy_challenge|clean_challenge|deploy_cert|deploy_ocsp|unchanged_cert|invalid_challenge|request_failure|generate_csr|startup_hook|exit_hook)$ ]]; then
|
if [[ "${HANDLER}" =~ ^(deploy_challenge|clean_challenge|sync_cert|deploy_cert|deploy_ocsp|unchanged_cert|invalid_challenge|request_failure|generate_csr|startup_hook|exit_hook)$ ]]; then
|
||||||
"$HANDLER" "$@"
|
"$HANDLER" "$@"
|
||||||
fi
|
fi
|
||||||
|
|||||||
Reference in New Issue
Block a user