From 04cbbb338462968f63ca69c95223dea28252168d Mon Sep 17 00:00:00 2001
From: Paul Buetow
Date: Thu, 31 Jul 2025 14:02:21 +0300
Subject: Update
---
frontends/scripts/acme.sh.tpl | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
(limited to 'frontends/scripts')
diff --git a/frontends/scripts/acme.sh.tpl b/frontends/scripts/acme.sh.tpl
index 2136f19..8d30609 100644
--- a/frontends/scripts/acme.sh.tpl
+++ b/frontends/scripts/acme.sh.tpl
@@ -2,18 +2,35 @@
 MY_IP=`ifconfig vio0 | awk '$1 == "inet" { print $2 }'`
-function handle_cert {
+# New hosts may not have a cert, just copy foo.zone as a
+# placeholder, so that services can at least start proprely.
+# cert will be updated with next acme-client runs!
+ensure_placeholder_cert () {
 host=$1
- host_ip=`host $host | awk '/has address/ { print $(NF) }'`
- if [ "$MY_IP" != "$host_ip" ]; then
- echo "Not serving $host, skipping..."
- return
+ copy_from=foo.zone
+
+ if [ ! -f /etc/ssl/$host.crt ]; then
+ cp -v /etc/ssl/$copy_from.crt /etc/ssl/$host.crt
+ cp -v /etc/ssl/$copy_from.fullchain.pem /etc/ssl/$host.fullchain.pem
+ cp -v /etc/ssl/private/$copy_from.key /etc/ssl/private/$host.key
 fi
+}
+
+handle_cert () {
+ host=$1
+ host_ip=`host $host | awk '/has address/ { print $(NF) }'`
+
 grep -q "^server \"$host\"" /etc/httpd.conf
 if [ $? -ne 0 ]; then
 echo "Host $host not configured in httpd, skipping..."
 return
 fi
+ ensure_placeholder_cert "$host"
+
+ if [ "$MY_IP" != "$host_ip" ]; then
+ echo "Not serving $host, skipping..."
+ return
+ fi
 # Create symlink, so that relayd also can read it.
 crt_path=/etc/ssl/$host
-- cgit v1.2.3
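Review bot: In `ensure_placeholder_cert` the three `cp` calls are guarded only by the `.crt` test, so if the certificate copy succeeds and the fullchain or key copy fails, every later run skips the function and the host keeps a certificate with no matching key. Copying the `.crt` last and chaining the copies with `&&` makes the guard file appear only once the other two are in place. The key copy also takes its mode from the umask rather than from the source key, so `cp -p` is safer there, and `$host` is expanded unquoted in the test and in every path although the call site quotes it. Because the placeholder is foo.zone's real private key, it is worth confirming in the part of the script outside this hunk that the first acme-client issuance for the host does not keep using the copied key.

```sh
ensure_placeholder_cert () {
    # … unchanged: host and copy_from assignments …
    if [ ! -f "/etc/ssl/$host.crt" ]; then
        # Copy the guard file (.crt) last, so a failed copy is retried on the next run.
        cp -pv "/etc/ssl/private/$copy_from.key" "/etc/ssl/private/$host.key" &&
            cp -v "/etc/ssl/$copy_from.fullchain.pem" "/etc/ssl/$host.fullchain.pem" &&
            cp -v "/etc/ssl/$copy_from.crt" "/etc/ssl/$host.crt"
    fi
```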