Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
packages/net/acme-acmesh/files/hook.sh
Glen Huang e84f651453 acme: use the hotplug system 
Signed-off-by: Glen Huang <heyhgl@gmail.com>
2022-08-16 00:32:04 +02:00

125 lines
3.1 KiB
Bash
Raw Blame History

#!/bin/sh
set -u
ACME=/usr/lib/acme/acme.sh
LOG_TAG=acme-acmesh
# webroot option deprecated, use the hardcoded value directly in the next major version
WEBROOT=${webroot:-/var/run/acme/challenge}
# shellcheck source=net/acme/files/functions.sh
. /usr/lib/acme/functions.sh
# Needed by acme.sh
export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
export NO_TIMESTAMP=1
cmd="$1"
case $cmd in
get)
set --
[ "$debug" = 1 ] && set -- "$@" --debug
case $keylength in
ec-*)
domain_dir="$state_dir/${main_domain}_ecc"
set -- "$@" --ecc
;;
*)
domain_dir="$state_dir/$main_domain"
;;
esac
log info "Running ACME for $main_domain"
if [ -e "$domain_dir" ]; then
if [ "$staging" = 0 ] && grep -q "acme-staging" "$domain_dir/$main_domain.conf"; then
mv "$domain_dir" "$domain_dir.staging"
log info "Certificates are previously issued from a staging server, but staging option is diabled, moved to $domain_dir.staging."
staging_moved=1
else
set -- "$@" --renew --home "$state_dir" -d "$main_domain"
log info "$*"
trap 'ACTION=renewed-failed hotplug-call acme;exit 1' INT
"$ACME" "$@"
status=$?
trap - INT
case $status in
0) ;; # renewed ok, handled by acme.sh hook, ignore.
2) ;; # renew skipped, ignore.
*)
ACTION=renew-failed hotplug-call acme
;;
esac
return 0
fi
fi
for d in $domains; do
set -- "$@" -d "$d"
done
set -- "$@" --keylength "$keylength" --accountemail "$account_email"
if [ "$acme_server" ]; then
set -- "$@" --server "$acme_server"
# default to letsencrypt because the upstream default may change
elif [ "$staging" = 1 ]; then
set -- "$@" --server letsencrypt_test
else
set -- "$@" --server letsencrypt
fi
if [ "$days" ]; then
set -- "$@" --days "$days"
fi
if [ "$dns" ]; then
set -- "$@" --dns "$dns"
if [ "$dalias" ]; then
set -- "$@" --domain-alias "$dalias"
if [ "$calias" ]; then
log err "Both domain and challenge aliases are defined. Ignoring the challenge alias."
fi
elif [ "$calias" ]; then
set -- "$@" --challenge-alias "$calias"
fi
elif [ "$standalone" = 1 ]; then
set -- "$@" --standalone --listen-v6
else
mkdir -p "$WEBROOT"
set -- "$@" --webroot "$WEBROOT"
fi
set -- "$@" --issue --home "$state_dir"
log info "$*"
trap 'ACTION=issue-failed hotplug-call acme;exit 1' INT
"$ACME" "$@" \
--pre-hook 'ACTION=prepare hotplug-call acme' \
--renew-hook 'ACTION=renewed hotplug-call acme'
status=$?
trap - INT
case $status in
0)
ln -s "$domain_dir/$main_domain.cer" /etc/ssl/acme
ln -s "$domain_dir/$main_domain.key" /etc/ssl/acme
ln -s "$domain_dir/fullchain.cer" "/etc/ssl/acme/$main_domain.fullchain.cer"
ln -s "$domain_dir/ca.cer" "/etc/ssl/acme/$main_domain.chain.cer"
ACTION=issued hotplug-call acme
;;
*)
if [ "$staging_moved" = 1 ]; then
mv "$domain_dir.staging" "$domain_dir"
log err "Staging certificate restored"
elif [ -d "$domain_dir" ]; then
failed_dir="$domain_dir.failed-$(date +%s)"
mv "$domain_dir" "$failed_dir"
log err "State moved to $failed_dir"
fi
ACTION=issue-failed hotplug-call acme
return 0
;;
esac
;;
esac
Reference in a new issue View git blame Copy permalink