Last active
October 10, 2017 03:12
-
-
Save copperwalls/f6daeee7895885fd004371598bead9f0 to your computer and use it in GitHub Desktop.
Hook script for dehydrated (Let's Encrypt)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# -- de-hook.sh ---------------------------------------------------------------- | |
# | |
# This program comes with no warranty. Use at your own risk. | |
# You have been warned. (That said, it works well for me :) | |
# | |
# This script is for reloading Nginx whenever [dehydrated] creates or renews the | |
# certificate file(s). This is meant to be used as a hook wherein `dehydrated` | |
# exports $BASEDIR automatically. | |
# | |
# Written in a way to pass the [ShellCheck] test B) | |
# | |
# It’s also highly readable and serves as an example/template when composing | |
# new scripts. | |
# | |
# Copyright (c) 2017 ed.o | |
# include 'MIT-License.txt' | |
# | |
# | |
# [dehydrated]: https://dehydrated.de | |
# [ShellCheck]: http://www.shellcheck.net | |
# | |
# ------------------------------------------------------------------------------ | |
# Report undefined variables | |
shopt -s -o nounset | |
# Default $BASEDIR; automatically exported by `dehydrated` | |
# Uncomment or change only when testing. | |
#BASEDIR=/etc/dehydrated | |
# Name of this script | |
declare -rx ME=${0##*/} | |
DATE_TODAY=$(date +%F) | |
DOMAINS=$(cat "$BASEDIR/domains.txt") | |
# How I function | |
display_usage() { | |
cat <<EOE | |
This script is meant be run as a hook by dehydrated. | |
Add to ${BASEDIR}/config or as a parameter when running dehydrated e.g., | |
$ dehydrated --cron --hook ${ME} | |
EOE | |
exit 0 | |
} | |
get_mod_date() { | |
local path_to_file="$1" | |
local real_target | |
real_target=$(realpath "$path_to_file") | |
date --reference "$real_target" +%F | |
} | |
reload_if_new_cert() { | |
local pem_file_mod_date | |
for domain in $DOMAINS | |
do | |
pem_file_mod_date=$(get_mod_date "$BASEDIR/certs/$domain/fullchain.pem") | |
[[ "$pem_file_mod_date" == "$DATE_TODAY" ]] \ | |
&& /sbin/service nginx reload | |
done | |
} | |
# This is where the party starts ;) | |
main() { | |
while getopts ":h" opt; do | |
case $opt in | |
h|*) | |
display_usage | |
;; | |
esac | |
done | |
reload_if_new_cert | |
} | |
main "$@" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment