From 2c860a0e2464482b95094a2d5ae1541ecacb5941 Mon Sep 17 00:00:00 2001
From: Eduardo Reveles
Date: Thu, 24 Mar 2016 13:47:01 -0600
Subject: [PATCH] Change example letsencrypt.sh hook

---
 examples/letsencrypt.default.sh | 103 +++++++++++++++++++++++++-------
 1 file changed, 81 insertions(+), 22 deletions(-)

diff --git a/examples/letsencrypt.default.sh b/examples/letsencrypt.default.sh
index 996993d19..709fd4d64 100644
--- a/examples/letsencrypt.default.sh
+++ b/examples/letsencrypt.default.sh
@@ -1,8 +1,6 @@
 #!/usr/bin/env bash
-
 #
 # Example how to deploy a DNS challange using lexicon
-#
 set -e
 set -u
 
@@ -10,29 +8,90 @@ set -o pipefail
 export PROVIDER=${PROVIDER:-"cloudflare"}
-done="no"
+function deploy_challenge {
+ local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
+
+ echo "deploy_challenge called: ${DOMAIN}, ${TOKEN_FILENAME}, ${TOKEN_VALUE}"
+
+ lexicon $PROVIDER create ${DOMAIN} TXT --name "_acme-challenge.${DOMAIN}." --content "${TOKEN_VALUE}"
-if [[ "$1" = "deploy_challenge" ]]; then
- echo "deploy_challenge called: ${1}, ${2}, ${3}, ${4}"
- lexicon $PROVIDER create ${2} TXT --name "_acme-challenge.${2}." --content "${4}"
- done="yes"
 sleep 30
-fi
-if [[ "$1" = "clean_challenge" ]]; then
- echo "clean_challenge called: ${1}, ${2}, ${3}, ${4}"
- lexicon $PROVIDER delete ${2} TXT --name "_acme-challenge.${2}." --content "${4}"
- done="yes"
-fi
+ # This hook is called once for every domain that needs to be
+ # validated, including any alternative names you may have listed.
+ #
+ # Parameters:
+ # - DOMAIN
+ # The domain name (CN or subject alternative name) being
+ # validated.
+ # - TOKEN_FILENAME
+ # The name of the file containing the token to be served for HTTP
+ # validation. Should be served by your web server as
+ # /.well-known/acme-challenge/${TOKEN_FILENAME}.
+ # - TOKEN_VALUE
+ # The token value that needs to be served for validation. For DNS
+ # validation, this is what you want to put in the _acme-challenge
+ # TXT record. For HTTP validation it is the value that is expected
+ # be found in the $TOKEN_FILENAME file.
+}
+
+function clean_challenge {
+ local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
+
+ echo "clean_challenge called: ${DOMAIN}, ${TOKEN_FILENAME}, ${TOKEN_VALUE}"
+
+ lexicon $PROVIDER delete ${DOMAIN} TXT --name "_acme-challenge.${DOMAIN}." --content "${TOKEN_VALUE}"
+
+ # This hook is called after attempting to validate each domain,
+ # whether or not validation was successful. Here you can delete
+ # files or DNS records that are no longer needed.
+ #
+ # The parameters are the same as for deploy_challenge.
+}
+
+function deploy_cert {
+ local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
+
+ echo "deploy_cert called: ${DOMAIN}, ${KEYFILE}, ${CERTFILE}, ${FULLCHAINFILE}, ${CHAINFILE}"
+
+ # This hook is called once for each certificate that has been
+ # produced. Here you might, for instance, copy your new certificates
+ # to service-specific locations and reload the service.
+ #
+ # Parameters:
+ # - DOMAIN
+ # The primary domain name, i.e. the certificate common
+ # name (CN).
+ # - KEYFILE
+ # The path of the file containing the private key.
+ # - CERTFILE
+ # The path of the file containing the signed certificate.
+ # - FULLCHAINFILE
+ # The path of the file containing the full certificate chain.
+ # - CHAINFILE
+ # The path of the file containing the intermediate certificate(s).
+}
+
+function unchanged_cert {
+ local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
-if [[ "${1}" = "deploy_cert" ]]; then
- echo "deploy_cert called: ${1}, ${2}, ${3}, ${4}"
- done="yes"
-fi
+ echo "unchanged_cert called: ${DOMAIN}, ${KEYFILE}, ${CERTFILE}, ${FULLCHAINFILE}, ${CHAINFILE}"
-if [[ ! "${done}" = "yes" ]]; then
- echo Unkown hook "${1}"
- exit 1
-fi
+ # This hook is called once for each certificate that is still
+ # valid and therefore wasn't reissued.
+ #
+ # Parameters:
+ # - DOMAIN
+ # The primary domain name, i.e. the certificate common
+ # name (CN).
+ # - KEYFILE
+ # The path of the file containing the private key.
+ # - CERTFILE
+ # The path of the file containing the signed certificate.
+ # - FULLCHAINFILE
+ # The path of the file containing the full certificate chain.
+ # - CHAINFILE
+ # The path of the file containing the intermediate certificate(s).
+}
-exit 0
\ No newline at end of file
+HANDLER=$1; shift; $HANDLER $@
\ No newline at end of file
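Review bot: The dispatch line at the end of the hunk, `HANDLER=$1; shift; $HANDLER $@`, executes whatever name arrives as the first argument, so a hook name this script does not define is now resolved through PATH as a command instead of being rejected the way the removed `Unkown hook` / `exit 1` branch did, and the unquoted `$@` re-splits token values and certificate paths on whitespace. Restricting the dispatch to the four functions defined in this file and quoting the arguments restores the fail-closed behaviour; if the caller is expected to invoke hook names this script intentionally ignores, the `*)` arm below should exit 0 instead of 1. The same unquoted-expansion issue applies to `$PROVIDER` and `${DOMAIN}` in the two `lexicon` calls, which should read `lexicon "$PROVIDER" create "${DOMAIN}" TXT ...` and likewise for `delete`.
```shell
# … unchanged: deploy_challenge, clean_challenge, deploy_cert, unchanged_cert …
HANDLER="$1"; shift
case "$HANDLER" in
  deploy_challenge|clean_challenge|deploy_cert|unchanged_cert) "$HANDLER" "$@" ;;
  *) echo "Unknown hook ${HANDLER}" >&2; exit 1 ;;
esac
```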