library/certbot/bin/update_crt_list.sh
crusader 1f98fc734c ing
2018-10-27 12:58:37 +09:00

63 lines
1.7 KiB
Bash

#!/bin/sh
#/etc/haproxy/ssl/example.com.pem example.com
#/etc/haproxy/ssl/www.example.com.pem www.example.com
#/etc/haproxy/ssl/mail.example.com.pem mail.example.com
set -e
update_crt_list() {
local CRT_LIST_PATH=/etc/haproxy/ssl/crt-list.txt
local CERT_LIST=""
local LIVE_DIR_PATH="/etc/letsencrypt/live"
local FULLCHAIN_FILE_NAME="fullchain.pem"
local PRIVATEKEY_FILE_NAME="privkey.pem"
local SSL_DIR_PATH="/etc/haproxy/ssl"
local B_CHANGED=false
if [ ! -d "$LIVE_DIR_PATH" ]; then
mkdir -p $LIVE_DIR_PATH
fi
if [ ! -d "$SSL_DIR_PATH" ]; then
mkdir -p $SSL_DIR_PATH
fi
echo "Generation of crt-list.txt is start."
cd "$LIVE_DIR_PATH"
local DOMAIN_LIST="$(ls)"
for DOMAIN in $DOMAIN_LIST; do
if [ ! -d "$DOMAIN" ]; then
continue
fi
cd "$DOMAIN"
if [ -f "$FULLCHAIN_FILE_NAME" -a -f "$PRIVATEKEY_FILE_NAME" ]; then
# Check if something has changed
OLD_COMBINED_PEM=
[ -f "${SSL_DIR_PATH}/${DOMAIN}.pem" ] && OLD_COMBINED_PEM="$(cat ${SSL_DIR_PATH}/${DOMAIN}.pem)"
CURRENT_COMBINED_PEM="$(cat ${FULLCHAIN_FILE_NAME} ${PRIVATEKEY_FILE_NAME})"
if [ "$OLD_COMBINED_PEM" != "$CURRENT_COMBINED_PEM" ]; then
# Store new combined cert
echo "$CURRENT_COMBINED_PEM" > "${SSL_DIR_PATH}/${DOMAIN}.pem"
B_CHANGED=true
fi
CERT_LIST="${CERT_LIST}${SSL_DIR_PATH}/${DOMAIN}.pem $DOMAIN\n"
fi
cd ..
done
if [ "$CERT_LIST" != "$(cat $CRT_LIST_PATH)" -o $B_CHANGED == true ]; then
# Update list and reload server
DEFAULT_CRT=$(head -n 1 $CRT_LIST_PATH)
echo -e "$DEFAULT_CRT\n$CERT_LIST" > ${CRT_LIST_PATH}
reload_haproxy.sh
fi
echo "Generation of crt-list.txt was ended."
}
update_crt_list