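#!/bin/bash
#
# md-renewed-install.service helper.
#
# Apache mod_md renews certificates into ${MOD_MD_DIR}/domains/<domain>/.
# This script copies the renewed pubcert.pem / privkey.pem to wherever other
# services expect them, fixes ownership and mode, and restarts those services.
#
# Per-domain configuration lives in /etc/md-renewed/<domain>/:
#   *.cert     sourced as shell; sets CERT_FILE (required), optional KEY_FILE,
#              CERT_OWNER/CERT_GROUP/CERT_MODE, KEY_OWNER/KEY_GROUP/KEY_MODE,
#              SERVICE and ACTION (systemctl verb, default "restart").
#              With KEY_FILE empty or equal to CERT_FILE, cert and key are
#              written as one combined PEM into CERT_FILE.
#   *.service  sourced as shell; sets SERVICE (required) and optional ACTION.
#   *.sh       executed with the domain name as $1.
#
# Usage: md-renewed-install [force]
#   Without arguments only domains flagged in the "installing" marker
#   directory are processed; with "force" every domain known to mod_md is
#   (re)installed.
#
# SECURITY: the *.cert/*.service files are *sourced* and the *.sh files are
# *executed*, all as root. /etc/md-renewed (including md-renewed.conf) must be
# owned by root and not writable by the httpd user, otherwise whoever can
# write there runs code as root. The only directories httpd (MD_USER) is
# expected to write are the "installing"/"installed" markers under
# ${MD_RENEWED_DIR}; file names found there are treated as untrusted input.

MOD_MD_DIR=/var/lib/httpd/md
MD_RENEWED_DIR=/var/lib/httpd/md-renewed
# Optional overrides, normally provided by md-renewed.conf.
MD_RENEWED_HOST_DIR=${MD_RENEWED_HOST_DIR:-}
MD_USER=${MD_USER:-}
MD_GROUP=${MD_GROUP:-}

if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
  . /etc/md-renewed/md-renewed.conf
fi

# Scratch area for staging copies of key material: 0700 from mktemp -d and
# removed on every exit path (the old script leaked its temp files on error).
SCRATCH_DIR=$(mktemp -d) || exit 1
trap 'rm -rf -- "$SCRATCH_DIR"' EXIT

# Domains mod_md currently manages; used for logging only, so a missing
# status handler or jq is deliberately tolerated (empty list).
mapfile -t MYDOMAINS < <(curl -s http://127.0.0.1/md-renewed-status \
  | jq -r '."managed-domains"[].name' 2>/dev/null)

#######################################
# Log one line in the format the unit's journal already shows.
# Arguments: message words
#######################################
log() {
  printf 'md-renewed-install.service %s\n' "$*"
}

#######################################
# Sanity-check a domain name taken from a directory httpd can write to,
# before it is used as a path component and handed to root-run hooks.
# Accepts hostname characters plus '*' (wildcard names) and '_'; rejects
# names starting with '.' or '-' (dotfiles, option-lookalikes).
# Arguments: $1 candidate name
# Returns:   0 if acceptable
#######################################
valid_domain() {
  [[ $1 =~ ^[A-Za-z0-9*_][A-Za-z0-9._*-]*$ ]]
}

#######################################
# Apply ownership and mode to an installed file.
# Arguments: $1 file, $2 owner (default root), $3 group (default root),
#            $4 mode (default 0600)
#######################################
set_permissions() {
  local file=$1
  local owner=${2:-root}
  local group=${3:-root}
  local mode=${4:-0600}
  chown -- "$owner" "$file"
  chgrp -- "$group" "$file"
  chmod -- "$mode" "$file"
}

#######################################
# Install a staged file over a destination when the content differs.
# The old comparison used `md5sum file` output, which embeds the file name
# and therefore never matched; every run rewrote and restarted everything.
# Arguments: $1 staged source, $2 destination, $3 owner, $4 group, $5 mode
# Returns:   0 if the destination was (re)written, 1 if it was already
#            current or the copy failed (no restart is useful then)
#######################################
install_if_changed() {
  local src=$1 dest=$2 owner=$3 group=$4 mode=$5
  # cmp also fails when $dest does not exist yet, which counts as "changed".
  if cmp -s -- "$src" "$dest"; then
    return 1
  fi
  # cp -f normally rewrites the existing inode, so bind mounts, hard links
  # and open descriptors on $dest keep working. A new file is created 0600
  # under the caller's 0077 umask before set_permissions widens it.
  if ! cp -f -- "$src" "$dest"; then
    log "failed to install $dest"
    return 1
  fi
  set_permissions "$dest" "$owner" "$group" "$mode"
  return 0
}

#######################################
# Process one *.cert config: stage the renewed cert/key, install what
# changed and run ACTION on SERVICE when something was replaced.
# Globals:   MOD_MD_DIR, SCRATCH_DIR (read)
# Arguments: $1 domain, $2 path of the .cert file (sourced as shell)
# Returns:   0, or 1 when the mod_md files are missing or staging failed
#######################################
run_copy() {
  local domain=$1
  local config=$2
  local src_dir="${MOD_MD_DIR}/domains/${domain}"

  # Defaults a .cert file may override. Declared local so settings from one
  # config cannot bleed into the next (the old script's ACTION leaked between
  # configs because of a typo in its reset). CERT_MODE/KEY_MODE 0700 are kept
  # for compatibility with existing configs; 0600 is the sensible value.
  local CERT_OWNER=root CERT_GROUP=root CERT_MODE=0700 CERT_FILE=""
  local KEY_OWNER=root KEY_GROUP=root KEY_MODE=0700 KEY_FILE=""
  local SERVICE="" ACTION=""

  [[ -f "$config" ]] || return 0
  . "$config"
  # No CERT_FILE means this config is a no-op; it must not abort the script
  # (the old `exit 0` here skipped every remaining config and domain).
  [[ -n "$CERT_FILE" ]] || return 0

  # Without this check an unreadable source produced an empty key file that
  # was then installed and the service restarted onto it.
  if [[ ! -r "${src_dir}/pubcert.pem" || ! -r "${src_dir}/privkey.pem" ]]; then
    log "mod_md files for $domain are missing or unreadable, skipping $config"
    return 1
  fi

  local staged_cert staged_key old_umask changed=n
  old_umask=$(umask)
  # Private key material: everything staged or created below starts 0600.
  umask 0077
  if ! staged_cert=$(mktemp "${SCRATCH_DIR}/cert.XXXXXX"); then
    umask "$old_umask"
    return 1
  fi

  if [[ -n "$KEY_FILE" && "$KEY_FILE" != "$CERT_FILE" ]]; then
    # Separate certificate and key files.
    if ! staged_key=$(mktemp "${SCRATCH_DIR}/key.XXXXXX"); then
      rm -f -- "$staged_cert"
      umask "$old_umask"
      return 1
    fi
    cat -- "${src_dir}/pubcert.pem" > "$staged_cert"
    cat -- "${src_dir}/privkey.pem" > "$staged_key"
    install_if_changed "$staged_cert" "$CERT_FILE" \
      "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE" && changed=y
    install_if_changed "$staged_key" "$KEY_FILE" \
      "$KEY_OWNER" "$KEY_GROUP" "$KEY_MODE" && changed=y
    rm -f -- "$staged_key"
  else
    # Combined PEM: certificate chain followed by the private key.
    cat -- "${src_dir}/pubcert.pem" "${src_dir}/privkey.pem" > "$staged_cert"
    install_if_changed "$staged_cert" "$CERT_FILE" \
      "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE" && changed=y
  fi
  rm -f -- "$staged_cert"
  umask "$old_umask"

  if [[ $changed == y && -n "$SERVICE" ]]; then
    /usr/bin/systemctl "${ACTION:-restart}" "$SERVICE" > /dev/null 2>&1
  fi
  return 0
}

#######################################
# Process one *.service config: run ACTION (default restart) on SERVICE.
# Arguments: $1 domain (unused, kept for symmetry with run_copy),
#            $2 path of the .service file (sourced as shell)
#######################################
run_service() {
  local domain=$1
  local config=$2
  local SERVICE="" ACTION=""

  [[ -f "$config" ]] || return 0
  . "$config"
  # A .service without SERVICE is a no-op for this config only.
  [[ -n "$SERVICE" ]] || return 0
  /usr/bin/systemctl "${ACTION:-restart}" "$SERVICE" > /dev/null 2>&1
}

#######################################
# Run every .cert, .service and .sh hook configured for a domain.
# Arguments: $1 domain
#######################################
domain_renew() {
  local domain=$1
  local cfg_dir="/etc/md-renewed/${domain}"
  local scr

  # An unmatched glob expands to the literal pattern; the -f tests skip it
  # instead of feeding "*.cert" to the config loaders.
  for scr in "$cfg_dir"/*.cert; do
    [[ -f "$scr" ]] && run_copy "$domain" "$scr"
  done
  for scr in "$cfg_dir"/*.service; do
    [[ -f "$scr" ]] && run_service "$domain" "$scr"
  done
  for scr in "$cfg_dir"/*.sh; do
    [[ -f "$scr" ]] || continue
    if [[ -x "$scr" ]]; then
      "$scr" "$domain"
    else
      log "$scr is not executable, skipping"
    fi
  done
}

if [[ -z "$MD_RENEWED_HOST_DIR" ]]; then
  MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing
  MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed
else
  MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing/${MD_RENEWED_HOST_DIR}
  MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed/${MD_RENEWED_HOST_DIR}
fi

# The marker directories are written by httpd, so hand them to MD_USER.
# "user:" with an empty group keeps the user's login group, as the old
# "user." spelling did; with no MD_USER configured the directories stay
# root-owned instead of chown failing on an empty spec.
for dir in "$MD_RENEWED_INSTALLING_TARGET" "$MD_RENEWED_INSTALLED_TARGET"; do
  if [[ ! -d "$dir" ]]; then
    mkdir -p -- "$dir"
    [[ -n "$MD_USER" ]] && chown -- "${MD_USER}:${MD_GROUP}" "$dir"
  fi
done

log "Looking for our domains: ${MYDOMAINS[*]}"
for f in "$MD_RENEWED_INSTALLING_TARGET"/*; do
  [[ -f "$f" ]] || continue
  DOMAIN=${f##*/}
  # Consume the marker first so a failing hook cannot make it loop forever.
  rm -f -- "$f"
  log "Checking domain $DOMAIN"
  if ! valid_domain "$DOMAIN"; then
    log "Ignoring marker with unexpected name: $DOMAIN"
    continue
  fi
  log "Installing domain $DOMAIN"
  touch -- "${MD_RENEWED_INSTALLED_TARGET}/${DOMAIN}"
  if [[ -d "/etc/md-renewed/${DOMAIN}" ]]; then
    domain_renew "$DOMAIN"
  fi
done

if [[ "${1:-}" == "force" ]]; then
  log "Looking for our already installed domains: ${MYDOMAINS[*]}"
  for f in "$MOD_MD_DIR"/domains/*; do
    [[ -d "$f" ]] || continue
    DOMAIN=${f##*/}
    log "Checking already installed domain $DOMAIN"
    if ! valid_domain "$DOMAIN"; then
      log "Ignoring domain directory with unexpected name: $DOMAIN"
      continue
    fi
    if [[ ! -f "${MD_RENEWED_INSTALLED_TARGET}/${DOMAIN}" ]]; then
      touch -- "${MD_RENEWED_INSTALLED_TARGET}/${DOMAIN}"
    fi
    if [[ -d "/etc/md-renewed/${DOMAIN}" ]]; then
      domain_renew "$DOMAIN"
    fi
  done
fi

exit 0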