diff options
| author | Paul Buetow <paul@buetow.org> | 2026-04-10 17:25:42 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-04-10 17:25:42 +0300 |
| commit | 6da9c96fd3ec727125d3e9095cef8b675fe007ff (patch) | |
| tree | 67fe6c066260bee7ec697fc14047d35bee19f3fb /frontends/scripts | |
| parent | 9c2997d5e5fd4e656fe2bbbbd13672288b8b592b (diff) | |
acme.sh: skip standby certs for server FQDNs, restart relayd if dead
- Skip standby.blowfish.buetow.org and standby.fishfinger.buetow.org
(no DNS records, no httpd/acme-client.conf entries)
- Use 'rcctl check && reload || restart' for relayd so a dead relayd
gets restarted instead of silently failing on reload
Amp-Thread-ID: https://ampcode.com/threads/T-019d77bf-0537-74e1-a1a9-c1b47d2af392
Co-authored-by: Amp <amp@ampcode.com>
Diffstat (limited to 'frontends/scripts')
| -rw-r--r-- | frontends/scripts/acme.sh.tpl | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/frontends/scripts/acme.sh.tpl b/frontends/scripts/acme.sh.tpl index b3301fa..3b3b35f 100644 --- a/frontends/scripts/acme.sh.tpl +++ b/frontends/scripts/acme.sh.tpl @@ -48,11 +48,13 @@ handle_cert <%= $host %> if [ $? -eq 0 ]; then has_update=yes fi +<% unless ($host eq 'blowfish.buetow.org' or $host eq 'fishfinger.buetow.org') { -%> handle_cert standby.<%= $host %> if [ $? -eq 0 ]; then has_update=yes fi <% } -%> +<% } -%> # Current server's FQDN (e.g. for mail server certs) handle_cert <%= "$hostname.$domain" %> @@ -65,6 +67,6 @@ if [ $has_update = yes ]; then # TLS offloading fully moved to relayd now # /usr/sbin/rcctl reload httpd - /usr/sbin/rcctl reload relayd + /usr/sbin/rcctl check relayd && /usr/sbin/rcctl reload relayd || /usr/sbin/rcctl restart relayd /usr/sbin/rcctl restart smtpd fi |