acme-acmesh: Don't hard-code certificate directory
The acme-acmesh package hardcoded the certificate path in its hook script. Now that we export it as a variable we can avoid hard-coding and use the variable version instead. Also factor out the linking of certificates into a function so it's not repeated. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
parent
e3d6422dc5
commit
152a26da57
1 changed files with 26 additions and 20 deletions
|
@ -2,8 +2,8 @@
|
||||||
set -u
|
set -u
|
||||||
ACME=/usr/lib/acme/client/acme.sh
|
ACME=/usr/lib/acme/client/acme.sh
|
||||||
LOG_TAG=acme-acmesh
|
LOG_TAG=acme-acmesh
|
||||||
# webroot option deprecated, use the hardcoded value directly in the next major version
|
# webroot option deprecated, use the exported value directly in the next major version
|
||||||
WEBROOT=${webroot:-$challenge_dir}
|
WEBROOT=${webroot:-$CHALLENGE_DIR}
|
||||||
NOTIFY=/usr/lib/acme/notify
|
NOTIFY=/usr/lib/acme/notify
|
||||||
|
|
||||||
# shellcheck source=net/acme/files/functions.sh
|
# shellcheck source=net/acme/files/functions.sh
|
||||||
|
@ -13,6 +13,28 @@ NOTIFY=/usr/lib/acme/notify
|
||||||
export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
|
export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
|
||||||
export NO_TIMESTAMP=1
|
export NO_TIMESTAMP=1
|
||||||
|
|
||||||
|
link_certs()
|
||||||
|
{
|
||||||
|
local main_domain
|
||||||
|
local domain_dir
|
||||||
|
domain_dir="$1"
|
||||||
|
main_domain="$2"
|
||||||
|
|
||||||
|
|
||||||
|
if [ ! -e "$CERT_DIR/$main_domain.crt" ]; then
|
||||||
|
ln -s "$domain_dir/$main_domain.cer" "$CERT_DIR/$main_domain.crt"
|
||||||
|
fi
|
||||||
|
if [ ! -e "$CERT_DIR/$main_domain.key" ]; then
|
||||||
|
ln -s "$domain_dir/$main_domain.key" "$CERT_DIR/$main_domain.key"
|
||||||
|
fi
|
||||||
|
if [ ! -e "$CERT_DIR/$main_domain.fullchain.crt" ]; then
|
||||||
|
ln -s "$domain_dir/fullchain.cer" "$CERT_DIR/$main_domain.fullchain.crt"
|
||||||
|
fi
|
||||||
|
if [ ! -e "$CERT_DIR/$main_domain.chain.crt" ]; then
|
||||||
|
ln -s "$domain_dir/ca.cer" "$CERT_DIR/$main_domain.chain.crt"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
case $1 in
|
case $1 in
|
||||||
get)
|
get)
|
||||||
set --
|
set --
|
||||||
|
@ -45,20 +67,7 @@ get)
|
||||||
|
|
||||||
case $status in
|
case $status in
|
||||||
0)
|
0)
|
||||||
mkdir -p /etc/ssl/acme
|
link_certs "$domain_dir" "$main_domain"
|
||||||
if [ ! -e "/etc/ssl/acme/$main_domain.crt" ]; then
|
|
||||||
ln -s "$domain_dir/$main_domain.cer" "/etc/ssl/acme/$main_domain.crt"
|
|
||||||
fi
|
|
||||||
if [ ! -e "/etc/ssl/acme/$main_domain.key" ]; then
|
|
||||||
ln -s "$domain_dir/$main_domain.key" "/etc/ssl/acme/$main_domain.key"
|
|
||||||
fi
|
|
||||||
if [ ! -e "/etc/ssl/acme/$main_domain.fullchain.crt" ]; then
|
|
||||||
ln -s "$domain_dir/fullchain.cer" "/etc/ssl/acme/$main_domain.fullchain.crt"
|
|
||||||
fi
|
|
||||||
if [ ! -e "/etc/ssl/acme/$main_domain.chain.crt" ]; then
|
|
||||||
ln -s "$domain_dir/ca.cer" "/etc/ssl/acme/$main_domain.chain.crt"
|
|
||||||
fi
|
|
||||||
|
|
||||||
$NOTIFY renewed
|
$NOTIFY renewed
|
||||||
exit
|
exit
|
||||||
;;
|
;;
|
||||||
|
@ -124,10 +133,7 @@ get)
|
||||||
|
|
||||||
case $status in
|
case $status in
|
||||||
0)
|
0)
|
||||||
ln -s "$domain_dir/$main_domain.cer" "/etc/ssl/acme/$main_domain.crt"
|
link_certs "$domain_dir" "$main_domain"
|
||||||
ln -s "$domain_dir/$main_domain.key" "/etc/ssl/acme/$main_domain.key"
|
|
||||||
ln -s "$domain_dir/fullchain.cer" "/etc/ssl/acme/$main_domain.fullchain.crt"
|
|
||||||
ln -s "$domain_dir/ca.cer" "/etc/ssl/acme/$main_domain.chain.crt"
|
|
||||||
$NOTIFY issued
|
$NOTIFY issued
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
|
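Review bot: `link_certs` never creates `$CERT_DIR`, whereas the renewal branch it replaces ran `mkdir -p /etc/ssl/acme` before linking. If the directory is missing, all four `ln -s` calls fail and `$NOTIFY renewed` / `$NOTIFY issued` still run, so consumers are told a certificate is ready when no links exist. Unless whatever exports `CERT_DIR` also guarantees the directory exists (not visible on this page), start the function with `mkdir -p "$CERT_DIR"`. The `[ ! -e … ]` guards also follow symlinks, so a dangling link from an earlier run counts as absent and the following `ln -s` fails; testing `[ ! -L "$CERT_DIR/$main_domain.crt" ]` alongside `-e`, or checking the exit status of `ln` before notifying, would surface that. A short header comment on `link_certs` naming its two arguments and its dependence on the exported `CERT_DIR` would also help.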