starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-05-28 17:49:11 +02:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

Created Example of lighttpd combined certificate deployment hook (markdown)

Alexander Moisseev
2019-03-23 13:05:11 +03:00
parent d48c035e10
commit 1e5f9d7675
1 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Example-of-lighttpd-combined-certificate-deployment-hook.md
+53
@@ -0,0 +1,53 @@
When using this hook, dehydrated will concatenate `privkey.pem` and `cert.pem` to `privcert.pem`, restart lighttpd and remove unused certificate files.
```sh
#!/usr/local/bin/bash
deploy_cert() {
local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
# This hook is called once for each certificate that has been
# produced. Here you might, for instance, copy your new certificates
# to service-specific locations and reload the service.
#
# Parameters:
# - DOMAIN
# The primary domain name, i.e. the certificate common
# name (CN).
# - KEYFILE
# The path of the file containing the private key.
# - CERTFILE
# The path of the file containing the signed certificate.
# - FULLCHAINFILE
# The path of the file containing the full certificate chain.
# - CHAINFILE
# The path of the file containing the intermediate certificate(s).
# - TIMESTAMP
# Timestamp when the specified certificate was created.
echo "Executing deploy_cert hook $0"
echo " + Creating privcert.pem (a combined privkey.pem + cert.pem)"
cd "$(dirname "${CERTFILE}")" && {
cat "${KEYFILE}" "${CERTFILE}" > "privcert-${TIMESTAMP}.pem" && \
ln -sf "privcert-${TIMESTAMP}.pem" "privcert.pem" && {
echo " + Restarting lighttpd ..."
service lighttpd restart
# Loop over all files of this type
for filename in "privcert-"*".pem"; do
# Check if current file is in use, remove if unused
if [[ ! "${filename}" = "privcert-${TIMESTAMP}.pem" ]]; then
echo " + Removing unused combined certificate file: ${filename}"
rm "${filename}"
fi
done
}
}
}
HANDLER="$1"; shift
if [[ "${HANDLER}" = "deploy_cert" ]]; then
"$HANDLER" "$@"
fi
```