Example of lighttpd combined certificate deployment hook

Alexander Moisseev edited this page Mar 23, 2019 · 1 revision

When dehydrated calls this hook, the hook concatenates privkey.pem and cert.pem into a timestamped privcert-${TIMESTAMP}.pem, points the privcert.pem symlink at it, restarts lighttpd, and removes the older combined certificate files.

#!/usr/local/bin/bash

deploy_cert() {
    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"

    # This hook is called once for each certificate that has been
    # produced. Here you might, for instance, copy your new certificates
    # to service-specific locations and reload the service.
    #
    # Parameters:
    # - DOMAIN
    #   The primary domain name, i.e. the certificate common
    #   name (CN).
    # - KEYFILE
    #   The path of the file containing the private key.
    # - CERTFILE
    #   The path of the file containing the signed certificate.
    # - FULLCHAINFILE
    #   The path of the file containing the full certificate chain.
    # - CHAINFILE
    #   The path of the file containing the intermediate certificate(s).
    # - TIMESTAMP
    #   Timestamp when the specified certificate was created.

    echo "Executing deploy_cert hook $0"

    echo " + Creating privcert.pem (a combined privkey.pem + cert.pem)"
    cd "$(dirname "${CERTFILE}")" && {
        cat "${KEYFILE}" "${CERTFILE}" > "privcert-${TIMESTAMP}.pem" && \
        ln -sf "privcert-${TIMESTAMP}.pem" "privcert.pem" && {
            echo " + Restarting lighttpd ..."
            service lighttpd restart

            # Loop over all files of this type
            for filename in "privcert-"*".pem"; do
              # Check if current file is in use, remove if unused
              if [[ ! "${filename}" = "privcert-${TIMESTAMP}.pem" ]]; then
                echo " + Removing unused combined certificate file: ${filename}"
                rm "${filename}"
              fi
            done
        }
    }
}

HANDLER="$1"; shift
if [[ "${HANDLER}" = "deploy_cert" ]]; then
  "$HANDLER" "$@"
fi
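
The hook above writes the private key into a new file, and that file's mode depends on the umask inherited from the caller. The following is an added example, not part of the original wiki page or of dehydrated: it makes the owner-only mode explicit and checks the combined file before moving it into place. The function names `check_privcert`, `build_privcert` and `demo` are hypothetical, and the PEM contents in the demo are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not the wiki's hook; function names are hypothetical.

# check_privcert FILE: succeed only if FILE holds a private key block and a
# certificate block and grants no access to group or others.
check_privcert() {
    local file="$1" mode
    [ -f "${file}" ] || { echo "missing: ${file}" >&2; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "${file}" ||
        { echo "no private key block in ${file}" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "${file}" ||
        { echo "no certificate block in ${file}" >&2; return 1; }
    # The first 10 characters of `ls -ld` are the mode string, e.g.
    # "-rw-------"; the last six are the group and other permission bits.
    mode="$(ls -ld -- "${file}" | cut -c1-10)"
    [ "${mode#????}" = "------" ] ||
        { echo "${file} is accessible to group/other: ${mode}" >&2; return 1; }
}

# build_privcert KEYFILE CERTFILE OUT: write key + cert to OUT with mode 0600.
# The data goes to a fresh temporary file first and is renamed only after it
# passes the check, so OUT never exists half-written or with loose permissions.
build_privcert() {
    local keyfile="$1" certfile="$2" out="$3" tmp="$3.tmp.$$"
    rm -f -- "${tmp}"
    ( umask 077 && cat -- "${keyfile}" "${certfile}" > "${tmp}" ) &&
        check_privcert "${tmp}" &&
        mv -f -- "${tmp}" "${out}" && return 0
    rm -f -- "${tmp}"
    return 1
}

# Demo with constructed placeholder PEM files (not real key material).
demo() {
    local dir; dir="$(mktemp -d)" || return 1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' > "${dir}/privkey.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "${dir}/cert.pem"
    build_privcert "${dir}/privkey.pem" "${dir}/cert.pem" "${dir}/privcert-1.pem" &&
        ls -l "${dir}/privcert-1.pem"
    rm -rf -- "${dir}"
}
demo
```

In the hook, `build_privcert "${KEYFILE}" "${CERTFILE}" "privcert-${TIMESTAMP}.pem"` would take the place of the `cat` line. The check is structural only and does not prove that the key matches the certificate.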