From 1e5f9d7675ec5cebedcc133c4d25cf16da5cad33 Mon Sep 17 00:00:00 2001
From: Alexander Moisseev
Date: Sat, 23 Mar 2019 13:05:11 +0300
Subject: [PATCH] Created Example of lighttpd combined certificate deployment hook (markdown)
---
...pd-combined-certificate-deployment-hook.md | 53 +++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 Example-of-lighttpd-combined-certificate-deployment-hook.md
diff --git a/Example-of-lighttpd-combined-certificate-deployment-hook.md b/Example-of-lighttpd-combined-certificate-deployment-hook.md
new file mode 100644
index 0000000..739a98e
--- /dev/null
+++ b/Example-of-lighttpd-combined-certificate-deployment-hook.md
@@ -0,0 +1,53 @@
+When using this hook, dehydrated will concatenate `privkey.pem` and `cert.pem` to `privcert.pem`, restart lighttpd and remove unused certificate files.
+
+```sh
+#!/usr/local/bin/bash
+
+deploy_cert() {
+ local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
+
+ # This hook is called once for each certificate that has been
+ # produced. Here you might, for instance, copy your new certificates
+ # to service-specific locations and reload the service.
+ #
+ # Parameters:
+ # - DOMAIN
+ # The primary domain name, i.e. the certificate common
+ # name (CN).
+ # - KEYFILE
+ # The path of the file containing the private key.
+ # - CERTFILE
+ # The path of the file containing the signed certificate.
+ # - FULLCHAINFILE
+ # The path of the file containing the full certificate chain.
+ # - CHAINFILE
+ # The path of the file containing the intermediate certificate(s).
+ # - TIMESTAMP
+ # Timestamp when the specified certificate was created.
+
+ echo "Executing deploy_cert hook $0"
+
+ echo " + Creating privcert.pem (a combined privkey.pem + cert.pem)"
+ cd "$(dirname "${CERTFILE}")" && {
+ cat "${KEYFILE}" "${CERTFILE}" > "privcert-${TIMESTAMP}.pem" && \
+ ln -sf "privcert-${TIMESTAMP}.pem" "privcert.pem" && {
+ echo " + Restarting lighttpd ..."
+ service lighttpd restart
+
+ # Loop over all files of this type
+ for filename in "privcert-"*".pem"; do
+ # Check if current file is in use, remove if unused
+ if [[ ! "${filename}" = "privcert-${TIMESTAMP}.pem" ]]; then
+ echo " + Removing unused combined certificate file: ${filename}"
+ rm "${filename}"
+ fi
+ done
+ }
+ }
+}
+
+HANDLER="$1"; shift
+if [[ "${HANDLER}" = "deploy_cert" ]]; then
+ "$HANDLER" "$@"
+fi
+```
\ No newline at end of file
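Review bot: The `cat "${KEYFILE}" "${CERTFILE}" > "privcert-${TIMESTAMP}.pem"` line in deploy_cert writes a file that contains the private key, but its permissions come only from the umask the hook happens to inherit, so a manual run or a caller with a permissive umask could leave the key readable by other local users. Setting the mode in the hook itself removes that dependency: `( umask 077; cat "${KEYFILE}" "${CERTFILE}" > "privcert-${TIMESTAMP}.pem" ) && \`. Separately, the exit status of `service lighttpd restart` is not checked before the loop deletes the older combined files, so a failed restart leaves no previous file to point the symlink back to; `service lighttpd restart || return 1` ahead of the loop would keep them.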