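#!/bin/bash
#
# Certificate deploy hook (Jinja2 template): concatenates the issued
# fullchain and private key into the single PEM file HAProxy loads, refreshes
# the OCSP staple when the updater script is installed, and reloads HAProxy.
# All progress messages are appended to $LE_LOG_DIR/haproxy.log.
#
# Exit status: 0 on completion, 1 when the combined PEM cannot be built (the
# existing HAProxy certificate is left untouched in that case).

H_NAME="{{ letsencrypt_acme_sh_certs_data_prefix }}"
LE_SERVICES_SCRIPT_DIR=/usr/lib/acme/hooks
LE_CERTS_DIR=/var/lib/acme/live/$H_NAME
LE_LOG_DIR=/var/log/letsencrypt
HAPROXY_CERTDIR=/etc/pki/haproxy
HAPROXY_CERTFILE=$HAPROXY_CERTDIR/haproxy.pem
DATE=$( date )

# Start from an empty value so the file sourced below can only be the one
# named by this template, never a path inherited from the caller's environment.
LE_ENV_FILE=

# Append one message line to the hook log. The path is expanded on every call
# so that a LE_LOG_DIR override from the sourced env file is honoured.
log() {
  printf '%s\n' "$*" >> "$LE_LOG_DIR/haproxy.log"
}

# Invoke the OCSP stapling updater, sending its output to the hook log.
# NOTE(review): the updater is pointed at {{ haproxy_cert_dir }}/haproxy.pem
# while the PEM is written to $HAPROXY_CERTFILE - confirm both are the same path.
run_ocsp_update() {
  /usr/local/bin/hapos-upd {% if haproxy_docker_container %}-S{% endif %} --cert {{ haproxy_cert_dir }}/haproxy.pem -v "${LE_CERTS_DIR}/fullchain" -s "$haproxy_socket" -v - >> "$LE_LOG_DIR/haproxy.log" 2>&1
}

mkdir -p -- "$HAPROXY_CERTDIR"
mkdir -p -- "$LE_LOG_DIR"
log "$DATE"

{% if letsencrypt_acme_install %}
LE_ENV_FILE=/etc/default/acme_sh_request_env
{% endif %}
if [ -f "$LE_ENV_FILE" ] ; then
  # shellcheck disable=SC1090 - path is fixed by the template above
  . "$LE_ENV_FILE"
else
  log "No letsencrypt default file"
fi

haproxy_socket="{% if not haproxy_docker_container %}{{ haproxy_admin_socket }}{% else %}{{ haproxy_docker_socket_dir }}/{{ haproxy_admin_socket_file }}{% endif %}"

log "Building the new certificate file"

# The combined PEM contains the private key. Redirecting straight into the
# final path would create it with the process umask and only tighten the mode
# afterwards, and a failed read would leave HAProxy with a truncated file.
# Build it in a mktemp file instead (created mode 0600, same directory so the
# rename is atomic), set ownership and mode, then move it into place.
tmp_cert=
trap '[ -n "$tmp_cert" ] && rm -f -- "$tmp_cert"' EXIT

if ! tmp_cert=$(mktemp "${HAPROXY_CERTDIR}/.haproxy.pem.XXXXXX") ; then
  log "Unable to create a temporary certificate file in $HAPROXY_CERTDIR"
  exit 1
fi

if ! cat -- "${LE_CERTS_DIR}/fullchain" "${LE_CERTS_DIR}/privkey" > "$tmp_cert" 2>> "$LE_LOG_DIR/haproxy.log" ; then
  log "Unable to read the certificate or key from $LE_CERTS_DIR, keeping the current HAProxy certificate"
  exit 1
fi

# Ownership and mode are applied before the file becomes visible under its
# final name. Failures are logged but, as before, do not stop the deployment.
chgrp haproxy "$tmp_cert" >> "$LE_LOG_DIR/haproxy.log" 2>&1
chmod 440 "$tmp_cert" >> "$LE_LOG_DIR/haproxy.log" 2>&1

if ! mv -f -- "$tmp_cert" "$HAPROXY_CERTFILE" 2>> "$LE_LOG_DIR/haproxy.log" ; then
  log "Unable to install the new certificate file $HAPROXY_CERTFILE"
  exit 1
fi

# Run the OCSP stapling script
if [ -x /usr/local/bin/hapos-upd ] ; then
  upd_retval=
  log "Run the OCSP stapling updater script"
  run_ocsp_update
  upd_retval=$?
  if [ "$upd_retval" -ne 0 ] ; then
    # Drop the stored issuer file and retry once.
    rm -f -- "${HAPROXY_CERTFILE}.issuer"
    run_ocsp_update
  fi
else
  log "No OCPS stapling updater script"
fi

{% if not haproxy_docker_container %}
log "Reload the haproxy service"
if [ -x /bin/systemctl ] ; then
  systemctl reload haproxy >> "$LE_LOG_DIR/haproxy.log" 2>&1
else
  service haproxy reload >> "$LE_LOG_DIR/haproxy.log" 2>&1
fi
{% else %}
# Signal the running HAProxy container(s) with USR2. Skip the call when no
# container matches, otherwise docker kill would be run without arguments.
haproxy_containers=$(docker container ls --filter name=haproxy_haproxy --quiet)
if [ -n "$haproxy_containers" ] ; then
  # shellcheck disable=SC2086 - intentional split: one argument per container id
  docker kill --signal USR2 $haproxy_containers >> "$LE_LOG_DIR/haproxy.log" 2>&1
else
  log "No running haproxy container found"
fi
{% endif %}

log "Done."

exit 0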