acme-acmesh: Don't hard-code certificate directory
The acme-acmesh package hardcoded the certificate path in its hook script. Now that we export it as a variable we can avoid hard-coding and use the variable version instead. Also factor out the linking of certificates into a function so it's not repeated. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
parent
e3d6422dc5
commit
152a26da57
1 changed files with 26 additions and 20 deletions
|
@ -2,8 +2,8 @@
|
|||
set -u
|
||||
ACME=/usr/lib/acme/client/acme.sh
|
||||
LOG_TAG=acme-acmesh
|
||||
# webroot option deprecated, use the hardcoded value directly in the next major version
|
||||
WEBROOT=${webroot:-$challenge_dir}
|
||||
# webroot option deprecated, use the exported value directly in the next major version
|
||||
WEBROOT=${webroot:-$CHALLENGE_DIR}
|
||||
NOTIFY=/usr/lib/acme/notify
|
||||
|
||||
# shellcheck source=net/acme/files/functions.sh
|
||||
|
@ -13,6 +13,28 @@ NOTIFY=/usr/lib/acme/notify
|
|||
export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
|
||||
export NO_TIMESTAMP=1
|
||||
|
||||
link_certs()
|
||||
{
|
||||
local main_domain
|
||||
local domain_dir
|
||||
domain_dir="$1"
|
||||
main_domain="$2"
|
||||
|
||||
|
||||
if [ ! -e "$CERT_DIR/$main_domain.crt" ]; then
|
||||
ln -s "$domain_dir/$main_domain.cer" "$CERT_DIR/$main_domain.crt"
|
||||
fi
|
||||
if [ ! -e "$CERT_DIR/$main_domain.key" ]; then
|
||||
ln -s "$domain_dir/$main_domain.key" "$CERT_DIR/$main_domain.key"
|
||||
fi
|
||||
if [ ! -e "$CERT_DIR/$main_domain.fullchain.crt" ]; then
|
||||
ln -s "$domain_dir/fullchain.cer" "$CERT_DIR/$main_domain.fullchain.crt"
|
||||
fi
|
||||
if [ ! -e "$CERT_DIR/$main_domain.chain.crt" ]; then
|
||||
ln -s "$domain_dir/ca.cer" "$CERT_DIR/$main_domain.chain.crt"
|
||||
fi
|
||||
}
|
||||
|
||||
case $1 in
|
||||
get)
|
||||
set --
|
||||
|
@ -45,20 +67,7 @@ get)
|
|||
|
||||
case $status in
|
||||
0)
|
||||
mkdir -p /etc/ssl/acme
|
||||
if [ ! -e "/etc/ssl/acme/$main_domain.crt" ]; then
|
||||
ln -s "$domain_dir/$main_domain.cer" "/etc/ssl/acme/$main_domain.crt"
|
||||
fi
|
||||
if [ ! -e "/etc/ssl/acme/$main_domain.key" ]; then
|
||||
ln -s "$domain_dir/$main_domain.key" "/etc/ssl/acme/$main_domain.key"
|
||||
fi
|
||||
if [ ! -e "/etc/ssl/acme/$main_domain.fullchain.crt" ]; then
|
||||
ln -s "$domain_dir/fullchain.cer" "/etc/ssl/acme/$main_domain.fullchain.crt"
|
||||
fi
|
||||
if [ ! -e "/etc/ssl/acme/$main_domain.chain.crt" ]; then
|
||||
ln -s "$domain_dir/ca.cer" "/etc/ssl/acme/$main_domain.chain.crt"
|
||||
fi
|
||||
|
||||
link_certs "$domain_dir" "$main_domain"
|
||||
$NOTIFY renewed
|
||||
exit
|
||||
;;
|
||||
|
@ -124,10 +133,7 @@ get)
|
|||
|
||||
case $status in
|
||||
0)
|
||||
ln -s "$domain_dir/$main_domain.cer" "/etc/ssl/acme/$main_domain.crt"
|
||||
ln -s "$domain_dir/$main_domain.key" "/etc/ssl/acme/$main_domain.key"
|
||||
ln -s "$domain_dir/fullchain.cer" "/etc/ssl/acme/$main_domain.fullchain.crt"
|
||||
ln -s "$domain_dir/ca.cer" "/etc/ssl/acme/$main_domain.chain.crt"
|
||||
link_certs "$domain_dir" "$main_domain"
|
||||
$NOTIFY issued
|
||||
;;
|
||||
*)
|
||||
|
|
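Review bot: `link_certs` never creates `$CERT_DIR`, although the renew branch it replaces ran `mkdir -p /etc/ssl/acme` before linking; unless the directory is created somewhere outside these hunks, every `ln -s` fails on a system where it does not exist yet. As far as the visible lines show, the script runs with `set -u` only, so a failed `ln` is not fatal and `$NOTIFY renewed` / `$NOTIFY issued` still fire, telling consumers that a certificate and key are in place when no link was made. I would open the function with `mkdir -p "$CERT_DIR" || return 1` and have both callers skip the notify when `link_certs` returns non-zero. Separately, `[ ! -e ... ]` is true for a dangling symlink, so `ln -s` then fails on the existing name and the stale link stays, and a link that already points at a different `$domain_dir` is silently kept. The `get)` branches that call `link_certs` start and end outside the hunks shown.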