Letsencrypt hook to generate combined fullchain+privkey certificates for software like Haproxy
#!/bin/bash
# SAVE TO /etc/letsencrypt/renewal-hooks/post/generate-bundle-certs.sh
# chmod a+x /etc/letsencrypt/renewal-hooks/post/generate-bundle-certs.sh

# The bundle contains the private key: create it readable by the owner only
umask 077

find /etc/letsencrypt/live -mindepth 1 -maxdepth 1 -type d -print0 | while IFS='' read -r -d $'\0' dir; do
    # Skip directories that lack a certificate chain or a private key
    if [ ! -e "$dir/fullchain.pem" ] || [ ! -e "$dir/privkey.pem" ]; then
        echo "skipping (missing fullchain.pem or privkey.pem): $dir"
        continue
    fi
    # Update only if necessary: compare the existing bundle with a fresh concatenation
    if [ -e "$dir/fullchain_and_privkey.pem" ] && \
        cmp -s <(cat "$dir/fullchain.pem" "$dir/privkey.pem") "$dir/fullchain_and_privkey.pem"; then
        echo "already updated: $dir/fullchain_and_privkey.pem"
        continue
    else
        echo "updating: $dir/fullchain_and_privkey.pem"
        # Atomic update: write a temporary file, then rename it over the old bundle
        cat "$dir/fullchain.pem" "$dir/privkey.pem" > "$dir/fullchain_and_privkey.pem.new" && \
            mv -f "$dir/fullchain_and_privkey.pem.new" "$dir/fullchain_and_privkey.pem"
    fi
done