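#!/bin/sh
#------------------------------------------------------------------------------
# /var/install/bin/certs_letsencrypt-hook
#
# Copyright (c) 2016-2016 The Eisfair Team, team(at)eisfair(dot)org
#
# Creation    :  2016-09-02  jed
# Last Update :  $Id$
#
# Available hooks:
# - clean_challenge
# - deploy_cert
# - deploy_challenge
# - unchanged_cert
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#------------------------------------------------------------------------------

# Module name: the part of the script name in front of the first '-'
# (e.g. certs_letsencrypt-hook -> certs_letsencrypt). Quoted so that an
# unusual $0 cannot be word-split or globbed.
module_name=$(basename -- "$0" | cut -d- -f1)

# debug mode true/false
#debug=true
# Compared as a string: executing "${debug:-false}" as a command (the
# previous form) would run whatever command name the environment variable
# happens to contain.
if [ "${debug:-false}" = "true" ]
then
    # The set -x trace contains every hook argument (challenge tokens, key
    # file paths). mktemp creates the trace file with mode 0600 under a
    # non-predictable name instead of the guessable /tmp/<name>-hook-trace<pid>.log,
    # which could be pre-created or symlinked by another local user.
    trace_file=$(mktemp "/tmp/${module_name}-hook-trace.XXXXXX") || exit 1
    exec 2> "${trace_file}"
    set -x
    ask_debug=true
    export ask_debug
fi

configfile="/etc/config.d/${module_name}"
letsencrypt_data_path=/var/certs/letsencrypt

# An optional LETSENCRYPT_DATA_PATH='...' setting in the module configuration
# overrides the default. The sed expressions strip a trailing comment, the
# surrounding quotes and a trailing slash. The variable is reset first so a
# value inherited from the environment is never used when the config file
# is missing or unreadable.
LETSENCRYPT_DATA_PATH=''
if [ -r "${configfile}" ]
then
    LETSENCRYPT_DATA_PATH=$(grep "^LETSENCRYPT_DATA_PATH=" "${configfile}" | sed -e 's/#.*$//' -e "s/^.*=['\"]\(.*\)['\"].*$/\1/" -e 's#/ *$##')
fi
if [ -n "${LETSENCRYPT_DATA_PATH}" ]
then
    letsencrypt_data_path="${LETSENCRYPT_DATA_PATH}"
fi

#------------------------------------------------------------------------------
# !! BASEDIR and WELLKNOWN variables are also exported and can be used in
# !! an external program.
#------------------------------------------------------------------------------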
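#------------------------------------------------------------------------------
# deploy_challenge - This hook is called once for every domain that needs
#                    to be validated, including any alternative names you
#                    may have listed.
#
# Parameters:
#
#   DOMAIN         - The domain name (CN or subject alternative name) being
#                    validated.
#   TOKEN_FILENAME - The name of the file containing the token to be served
#                    for HTTP validation. Should be served by your web server
#                    as /.well-known/acme-challenge/${TOKEN_FILENAME}.
#   TOKEN_VALUE    - The token value that needs to be served for validation.
#                    For DNS validation, this is what you want to put in the
#                    _acme-challenge TXT record. For HTTP validation it is
#                    the value that is expected be found in the $TOKEN_FILENAME
#                    file.
#
# Runs ${letsencrypt_data_path}/${module_name}_deploy_challenge if that file
# exists and is non-empty, forwarding the three parameters above as $1..$3.
# A missing hook script is not an error. The exit status is that of the hook
# script, or 0 when there is none.
#------------------------------------------------------------------------------
deploy_challenge () {
    local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
    local hook_script="${letsencrypt_data_path}/${module_name}_deploy_challenge"

    # Quoted: letsencrypt_data_path comes from the config file and may
    # contain whitespace, which would otherwise split the test and the
    # command line.
    if [ -s "${hook_script}" ]
    then
        echo "-> Executing hook script 'deploy_challenge' ..."
        # The parameters are locals and therefore not exported; pass them on
        # as positional arguments so the external script can read them.
        /bin/sh "${hook_script}" "$@"
    fi
}

#------------------------------------------------------------------------------
# clean_challenge - This hook is called after attempting to validate each
#                   domain, whether or not validation was successful. Here
#                   you can delete files or DNS records that are no longer
#                   needed.
#
# Parameters:
#
#   DOMAIN         - The domain name (CN or subject alternative name) being
#                    validated.
#   TOKEN_FILENAME - The name of the file containing the token to be served
#                    for HTTP validation. Should be served by your web server
#                    as /.well-known/acme-challenge/${TOKEN_FILENAME}.
#   TOKEN_VALUE    - The token value that needs to be served for validation.
#                    For DNS validation, this is what you want to put in the
#                    _acme-challenge TXT record. For HTTP validation it is
#                    the value that is expected be found in the $TOKEN_FILENAME
#                    file.
#
# Runs ${letsencrypt_data_path}/${module_name}_clean_challenge if that file
# exists and is non-empty, forwarding the three parameters above as $1..$3.
# A missing hook script is not an error.
#------------------------------------------------------------------------------
clean_challenge () {
    local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
    local hook_script="${letsencrypt_data_path}/${module_name}_clean_challenge"

    # Quoted for the same reason as in deploy_challenge.
    if [ -s "${hook_script}" ]
    then
        echo "-> Executing hook script 'clean_challenge' ..."
        /bin/sh "${hook_script}" "$@"
    fi
}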
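#------------------------------------------------------------------------------
# deploy_cert - This hook is called once for each certificate that has
#               been produced. Here you might, for instance, copy your
#               new certificates to service-specific locations and reload
#               the service.
#
# Parameters:
#
#   DOMAIN        - The primary domain name, i.e. the certificate common
#                   name (CN).
#   KEYFILE       - The path of the file containing the private key.
#   CERTFILE      - The path of the file containing the signed certificate.
#   FULLCHAINFILE - The path of the file containing the full certificate
#                   chain.
#   CHAINFILE     - The path of the file containing the intermediate
#                   certificate(s).
#   TIMESTAMP     - Timestamp when the specified certificate was created.
#
# Runs ${letsencrypt_data_path}/${module_name}_deploy_cert if that file
# exists and is non-empty, forwarding the six parameters above as $1..$6.
# A missing hook script is not an error.
#------------------------------------------------------------------------------
deploy_cert () {
    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
    local hook_script="${letsencrypt_data_path}/${module_name}_deploy_cert"

    # Quoted: letsencrypt_data_path comes from the config file and may
    # contain whitespace.
    if [ -s "${hook_script}" ]
    then
        echo "-> Executing hook script 'deploy_cert' ..."
        # The parameters are locals and therefore not exported; pass them on
        # as positional arguments so the external script can read them.
        /bin/sh "${hook_script}" "$@"
    fi
}

#------------------------------------------------------------------------------
# unchanged_cert - This hook is called once for each certificate that is
#                  still valid and therefore wasn't reissued.
#
# Parameters:
#
#   DOMAIN        - The primary domain name, i.e. the certificate common
#                   name (CN).
#   KEYFILE       - The path of the file containing the private key.
#   CERTFILE      - The path of the file containing the signed certificate.
#   FULLCHAINFILE - The path of the file containing the full certificate
#                   chain.
#   CHAINFILE     - The path of the file containing the intermediate
#                   certificate(s).
#
# Runs ${letsencrypt_data_path}/${module_name}_unchanged_cert if that file
# exists and is non-empty, forwarding the five parameters above as $1..$5.
# A missing hook script is not an error.
#------------------------------------------------------------------------------
unchanged_cert () {
    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
    local hook_script="${letsencrypt_data_path}/${module_name}_unchanged_cert"

    # Quoted for the same reason as in deploy_cert.
    if [ -s "${hook_script}" ]
    then
        echo "-> Executing hook script 'unchanged_cert' ..."
        /bin/sh "${hook_script}" "$@"
    fi
}

#==============================================================================
# main
#==============================================================================
# Called as: <this script> <handler> <handler arguments ...>
HANDLER="${1:-}"
if [ $# -gt 0 ]
then
    shift
fi

# Only the handlers defined in this file are dispatched. The previous form
# `${HANDLER} $@` ran the first argument as an arbitrary command and
# word-split the remaining arguments (token values, file paths). Any other
# handler name is a silent no-op, as in the dehydrated example hook, so
# hook names this script does not implement do not fail the caller.
case "${HANDLER}" in
    deploy_challenge|clean_challenge|deploy_cert|unchanged_cert)
        "${HANDLER}" "$@"
        ;;
    *)
        :
        ;;
esac

#==============================================================================
# end
#==============================================================================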