library/certbot/bin/update_crt_list.sh

#!/bin/sh

#/etc/haproxy/ssl/example.com.pem example.com
#/etc/haproxy/ssl/www.example.com.pem www.example.com
#/etc/haproxy/ssl/mail.example.com.pem mail.example.com


set -e

update_crt_list() {
  local CRT_LIST_PATH=/etc/haproxy/ssl/crt-list.txt
  local CERT_LIST=""
  local LIVE_DIR_PATH="/etc/letsencrypt/live"
  local FULLCHAIN_FILE_NAME="fullchain.pem"
  local PRIVATEKEY_FILE_NAME="privkey.pem"
  local SSL_DIR_PATH="/etc/haproxy/ssl"
  local B_CHANGED=false

  if [ ! -d "$LIVE_DIR_PATH" ]; then
    mkdir -p $LIVE_DIR_PATH
  fi
  if [ ! -d "$SSL_DIR_PATH" ]; then
    mkdir -p $SSL_DIR_PATH
  fi

  echo "Generation of crt-list.txt is start."

  cd "$LIVE_DIR_PATH"

  local DOMAIN_LIST="$(ls)"

  for DOMAIN in $DOMAIN_LIST; do
    if [ ! -d "$DOMAIN" ]; then
      continue
    fi
    cd "$DOMAIN"
    if [ -f "$FULLCHAIN_FILE_NAME" -a -f "$PRIVATEKEY_FILE_NAME" ]; then
      # Check if something has changed
      OLD_COMBINED_PEM=
      [ -f "${SSL_DIR_PATH}/${DOMAIN}.pem" ] && OLD_COMBINED_PEM="$(cat ${SSL_DIR_PATH}/${DOMAIN}.pem)"
      CURRENT_COMBINED_PEM="$(cat ${FULLCHAIN_FILE_NAME} ${PRIVATEKEY_FILE_NAME})"
      if [ "$OLD_COMBINED_PEM" != "$CURRENT_COMBINED_PEM" ]; then
        # Store new combined cert
        echo "$CURRENT_COMBINED_PEM" > "${SSL_DIR_PATH}/${DOMAIN}.pem"
        B_CHANGED=true
      fi
      CERT_LIST="${CERT_LIST}${SSL_DIR_PATH}/${DOMAIN}.pem $DOMAIN\n"
    fi
    cd ..
  done

  if [ "$CERT_LIST" != "$(cat $CRT_LIST_PATH)" -o $B_CHANGED == true ]; then
    # Update list and reload server
    DEFAULT_CRT=$(head -n 1 $CRT_LIST_PATH)
    echo -e "$DEFAULT_CRT\n$CERT_LIST" > ${CRT_LIST_PATH}
    reload_haproxy.sh
  fi

  echo "Generation of crt-list.txt was ended."

}

update_crt_list
ing 2018-10-27 03:58:37 +00:00			`#!/bin/sh`

			`#/etc/haproxy/ssl/example.com.pem example.com`
			`#/etc/haproxy/ssl/www.example.com.pem www.example.com`
			`#/etc/haproxy/ssl/mail.example.com.pem mail.example.com`


			`set -e`

			`update_crt_list() {`
			`local CRT_LIST_PATH=/etc/haproxy/ssl/crt-list.txt`
			`local CERT_LIST=""`
			`local LIVE_DIR_PATH="/etc/letsencrypt/live"`
			`local FULLCHAIN_FILE_NAME="fullchain.pem"`
			`local PRIVATEKEY_FILE_NAME="privkey.pem"`
			`local SSL_DIR_PATH="/etc/haproxy/ssl"`
			`local B_CHANGED=false`

			`if [ ! -d "$LIVE_DIR_PATH" ]; then`
			`mkdir -p $LIVE_DIR_PATH`
			`fi`
			`if [ ! -d "$SSL_DIR_PATH" ]; then`
			`mkdir -p $SSL_DIR_PATH`
			`fi`

			`echo "Generation of crt-list.txt is start."`

			`cd "$LIVE_DIR_PATH"`

			`local DOMAIN_LIST="$(ls)"`

			`for DOMAIN in $DOMAIN_LIST; do`
			`if [ ! -d "$DOMAIN" ]; then`
			`continue`
			`fi`
			`cd "$DOMAIN"`
			`if [ -f "$FULLCHAIN_FILE_NAME" -a -f "$PRIVATEKEY_FILE_NAME" ]; then`
			`# Check if something has changed`
			`OLD_COMBINED_PEM=`
			`[ -f "${SSL_DIR_PATH}/${DOMAIN}.pem" ] && OLD_COMBINED_PEM="$(cat ${SSL_DIR_PATH}/${DOMAIN}.pem)"`
			`CURRENT_COMBINED_PEM="$(cat ${FULLCHAIN_FILE_NAME} ${PRIVATEKEY_FILE_NAME})"`
			`if [ "$OLD_COMBINED_PEM" != "$CURRENT_COMBINED_PEM" ]; then`
			`# Store new combined cert`
			`echo "$CURRENT_COMBINED_PEM" > "${SSL_DIR_PATH}/${DOMAIN}.pem"`
			`B_CHANGED=true`
			`fi`
			`CERT_LIST="${CERT_LIST}${SSL_DIR_PATH}/${DOMAIN}.pem $DOMAIN\n"`
			`fi`
			`cd ..`
			`done`

			`if [ "$CERT_LIST" != "$(cat $CRT_LIST_PATH)" -o $B_CHANGED == true ]; then`
			`# Update list and reload server`
			`DEFAULT_CRT=$(head -n 1 $CRT_LIST_PATH)`
			`echo -e "$DEFAULT_CRT\n$CERT_LIST" > ${CRT_LIST_PATH}`
			`reload_haproxy.sh`
			`fi`

			`echo "Generation of crt-list.txt was ended."`

			`}`

			`update_crt_list`