v.1.1.4

md-message

@@ -1,10 +1,47 @@
 #!/bin/bash
 
+MOD_MD_DIR=/var/lib/httpd/md
+MD_RENEWED_DIR=/var/lib/httpd/md-renewed
+
+if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
+    . /etc/md-renewed/md-renewed.conf
+fi
+
 MSG="$1"
 DOMAIN="$2"
 
-if [[ $MSG == renewed ]]; then
-    touch /run/md-renewed/$DOMAIN
-fi
+mkdir -p $MD_RENEWED_DIR
+mkdir -p $MD_RENEWED_DIR/{ready,renewing,renewed,installed,expiring,errored,ocsp-renewed,oscp-errored}
+
+case $1 in
+    renewing)
+      if [[ -f $MD_RENEWED_DIR/renewing/$DOMAIN ]]; then
+        exit 1
+      fi
+      hostname > $MD_RENEWED_DIR/renewing/$DOMAIN
+      ;;
+    renewed)
+      rm -f $MD_RENEWED_DIR/renewing/$DOMAIN
+      hostname > $MD_RENEWED_DIR/renewed/$DOMAIN
+      hostname > $MD_RENEWED_DIR/ready/$DOMAIN
+      ;;
+    installed)
+      rm -f $MD_RENEWED_DIR/renewing/$DOMAIN
+      hostname > $MD_RENEWED_DIR/installed/$DOMAIN
+      ;;
+    expiring)
+      hostname > $MD_RENEWED_DIR/expiring/$DOMAIN
+      ;;
+    errored)
+      rm -f $MD_RENEWED_DIR/renewing/$DOMAIN
+      hostname > $MD_RENEWED_DIR/errored/$DOMAIN
+      ;;
+    ocsp-renewed)
+      hostname > $MD_RENEWED_DIR/ocsp-renewed/$DOMAIN
+      ;;
+    ocsp-errored)
+      hostname > $MD_RENEWED_DIR/ocsp-errored/$DOMAIN
+      ;;
+esac
 
 exit 0

md-renewed

@@ -1,5 +1,12 @@
 #!/bin/bash
 
+MOD_MD_DIR=/var/lib/httpd/md
+MD_RENEWED_DIR=/var/lib/httpd/md-renewed
+
+if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
+    . /etc/md-renewed/md-renewed.conf
+fi
+
 function set_permissions
 {
   local FILE="$1"
@@ -48,13 +55,13 @@ function run_copy
     KEY_FILE="$CERT_FILE"
   fi
 
-  cat /var/lib/httpd/md/domains/$DOMAIN/pubcert.pem > $CERT_FILE
+  cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $CERT_FILE
   set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
 
   if [[ $CERT_FILE != $KEY_FILE ]]; then
-    cat /var/lib/httpd/md/domains/$DOMAIN/pubcert.pem > $KEY_FILE
+    cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $KEY_FILE
   else
-    cat /var/lib/httpd/md/domains/$DOMAIN/pubcert.pem >> $KEY_FILE
+    cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem >> $KEY_FILE
   fi
   set_permissions "$CERT_FILE" "$KEY_OWNER" "$KEY_GROUP" "$KEY_MODE"
 }
@@ -93,7 +100,7 @@ function domain_renew
 
 HTTP_RELOAD=n
 
-for f in /run/md-renewed/*; do
+for f in ${MD_RENEWED_DIR}/renewed/*; do
   if [[ ! -f $f ]]; then
     continue
   fi
@@ -101,7 +108,7 @@ for f in /run/md-renewed/*; do
   HTTPD_RELOAD=y
   DOMAIN=$(basename $f)
 
-  rm -f $f
+  #rm -f $f
 
   if [[ ! -d /etc/md-renewed/$f ]]; then
     continue

md-renewed-httpd.conf

@@ -0,0 +1,2 @@
+MDMessageCmd /usr/libexec/md-renewed/md-message
+

md-renewed.conf

@@ -1,2 +1,4 @@
-MDMessageCmd /usr/libexec/md-renewed/md-message
+MOD_MD_DIR=/var/lib/httpd/md
+MD_RENEWED_DIR=/var/lib/httpd/md-renewed
+
 

md-renewed.path

@@ -1,5 +1,7 @@
 [Path]
-PathExistsGlob=/run/md-renewed/*
+#PathExistsGlob=/var/lib/httpd/md-renewed/renewed/*
+PathModified=/var/lib/httpd/md-renewed/renewed
+Unit=md-renewed.service
 
 [Install]
 WantedBy=multi-user.target

md-renewed.service

@@ -4,6 +4,7 @@ After=network.target
 
 [Service]
 Type=oneshot
+EnvironmentFile=/etc/md-renewed/md-renewed.conf
 ExecStart=/usr/libexec/md-renewed/md-renewed
 
 [Install]

md-renewed.spec

@@ -1,5 +1,5 @@
 Name:           md-renewed
-Version:        1.0.1
+Version:        1.1.4
 Release:        1%{?dist}
 Summary:        Restart service on Apache module mod_md certificate renewal
 License:        MIT
@@ -12,10 +12,11 @@ Source1:        md-message
 Source2:        md-renewed.path
 Source3:        md-renewed.service
 Source4:        md-renewed-tmpfiles.conf
-Source5:        md-renewed.conf
-Source6:        example.service
-Source7:        example.cert
-Source8:        example.sh
+Source5:        md-renewed-httpd.conf
+Source6:        md-renewed.conf
+Source7:        example.service
+Source8:        example.cert
+Source9:        example.sh
 
 Requires:       httpd
 Requires:       mod_md
@@ -40,26 +41,29 @@ install -d -m 0755 %{buildroot}%{_tmpfilesdir}
 install -m 0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/md-renewed.conf
 
 install -d -m 0755 %{buildroot}%{_sysconfdir}/httpd/conf.d
-install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/httpd/conf.d/
-
+install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/httpd/conf.d/md-renewed.conf
 
 install -d -m 0755 %{buildroot}%{_sysconfdir}/md-renewed
+install -m 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/md-renewed/
+
 install -d -m 0755 %{buildroot}%{_sysconfdir}/md-renewed/example.com
-install -m 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
 install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
-install -m 0755 %{SOURCE8} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
+install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
+install -m 0755 %{SOURCE9} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
 
 %post
 %systemd_post md-renewed.service
+%systemd_post md-renewed.path
 
 %tmpfiles_create %{_tmpfilesdir}/md-renewed.conf
 
 %preun
 %systemd_preun md-renewed.service
-
+%systemd_preun md-renewed.path
 
 %postun
 %systemd_postun md-renewed.service
+%systemd_postun md-renewed.path
 
 %clean
 %{__rm} -rf %{buildroot}
@@ -68,7 +72,7 @@ install -m 0755 %{SOURCE8} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
 %defattr(-,root,root,-)
 
 %dir %{_sysconfdir}/md-renewed
-%config %{_sysconfdir}/md-renewed/*
+%config(noreplace) %{_sysconfdir}/md-renewed/*
 %config %{_sysconfdir}/httpd/conf.d/md-renewed.conf
 
 %{_libexecdir}/md-renewed/md-renewed