help: Hooks #60

Closed
opened 2025-12-29 00:23:50 +01:00 by adam · 5 comments

Originally created by @basbebe on GitHub (Feb 11, 2016).

I'm trying to establish a hook which provides me with a key which could be used in HPKP headers.
In the next step I will try to automatically replace the part in the server config which adds the header.

I'm on FreeBSD with the version of this script from the latest port update (0.0.0.20160116, 03.02.2016)

This is what I'm trying out at the moment.

My problem is that the script seems to not be able to be opened (?) I think:

```
letsencrypt.sh -c -d subdomain.example.com -x
# INFO: Using config file /usr/local/etc/letsencrypt.sh/config.sh
Processing subdomain.example.com
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till May 10 13:07:00 2016 GMT (Longer than 30 days). Ignoring because renew was forced!
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for subdomain.example.com...
/usr/local/bin/letsencrypt.sh: Zeile 335: /usr/local/etc/letsencrypt.sh/hooks.sh: Permission denied
```

my `config.sh`

```
HOOK="${BASEDIR}/hooks.sh"
```

(I already tried giving the whole path, that didn't work either…)

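`hooks.sh`

```
#!/bin/bash

# Called by letsencrypt.sh after a certificate has been issued.
function deploy_cert {
    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" CHAINFILE="${4}"
    local hpkp
    # base64(SHA-256(DER-encoded public key)) is the HPKP pin value.
    hpkp="$(openssl rsa -in "${BASEDIR}/certs/${DOMAIN}/privkey.pem" -outform der -pubout 2>/dev/null | openssl dgst -sha256 -binary | openssl enc -base64)"
    printf '\nHTTP Key Pinning\n   pin-sha256="%s";\n' "${hpkp}"
}

# Dispatch to the handler named in the first argument.
HANDLER="$1"; shift; "$HANDLER" "$@"
```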
adam closed this issue 2025-12-29 00:23:50 +01:00

@germeier commented on GitHub (Feb 11, 2016):

Check that `/usr/local/etc/letsencrypt.sh/hooks.sh` exists, is readable and executable, e.g. permissions are 755, and the `#!` is set correctly.


@basbebe commented on GitHub (Feb 11, 2016):

I changed it to `#!/usr/local/bin/bash` but the problem persists.
hooks.sh has the same permissions as config.sh and is in the same folder.

```
drwxr-xr-x  2 root  wheel     6B 11 Feb 10:14 .acme-challenges
drwx------  7 root  wheel     7B 10 Feb 15:07 certs
-rw-r--r--  1 root  wheel   2,5K 11 Feb 09:55 config.sh
-rw-r--r--  1 root  wheel   2,5K  7 Feb 15:56 config.sh.example
-rw-r--r--  1 root  wheel   184B 10 Feb 14:59 domains.txt
-rw-r--r--  1 root  wheel    73B  7 Feb 15:56 domains.txt.example
-rw-r--r--  1 root  wheel   2,1K 11 Feb 10:14 hooks.sh
-rw-r--r--  1 root  wheel   1,9K 11 Feb 09:33 hooks.sh.example
-rw-------  1 root  wheel   3,2K 10 Feb 12:42 private_key.em
```

@germeier commented on GitHub (Feb 11, 2016):

chmod 755 /usr/local/etc/letsencrypt.sh/hooks.sh


@basbebe commented on GitHub (Feb 11, 2016):

-> ratelimit ;)


@lukas2511 commented on GitHub (Feb 11, 2016):

Your script wasn't executable, this is not a bug in letsencrypt.sh, closing this ticket.
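
The checks suggested in this thread (the hook exists, is readable and executable, and its `#!` line names a usable interpreter), as an added example that is not part of the original thread or of letsencrypt.sh. The function name `check_hook`, its return codes and the extra check that the hook is not writable by group or others are assumptions of this example.

```shell
#!/bin/sh
# Added example, not letsencrypt.sh code: pre-flight check for a HOOK script.
# check_hook PATH returns 0 = ok, 1 = missing, 2 = unreadable,
# 3 = not executable, 4 = bad "#!" line, 5 = writable by group/others.
check_hook() {
    hook=$1
    if [ ! -f "$hook" ]; then
        echo "missing: $hook" >&2; return 1
    fi
    if [ ! -r "$hook" ]; then
        echo "not readable: $hook" >&2; return 2
    fi
    # Mode 644 (as in the listing in this thread) stops here: the file
    # cannot be executed, so the caller reports "Permission denied".
    if [ ! -x "$hook" ]; then
        echo "not executable, try: chmod 755 $hook" >&2; return 3
    fi
    # First line must be "#!<interpreter>", and the interpreter must exist
    # (bash lives in /usr/local/bin on FreeBSD, not in /bin).
    IFS= read -r first < "$hook" || true
    case $first in
        '#!'*) interp=${first#??} ;;
        *) echo "no #! line in $hook" >&2; return 4 ;;
    esac
    interp=${interp#"${interp%%[! ]*}"}   # drop blanks after "#!"
    interp=${interp%% *}                  # keep the path, drop arguments
    cr=$(printf '\r')
    case $interp in
        *"$cr") echo "CRLF line ending in #! line" >&2; return 4 ;;
    esac
    if [ ! -x "$interp" ]; then
        echo "interpreter not found: $interp" >&2; return 4
    fi
    # The hook runs with the same access as letsencrypt.sh itself, so
    # nobody but the owner should be able to modify it.
    if [ -n "$(find -L "$hook" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "writable by group/others: $hook" >&2; return 5
    fi
    return 0
}

# Stand-alone use: sh check_hook.sh /usr/local/etc/letsencrypt.sh/hooks.sh
if [ "$#" -gt 0 ]; then
    check_hook "$1"
fi
```
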

Reference: starred/dehydrated#60