From 0f841977cfa1f2b934f433ac4239e612b44e5dcf Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Wed, 13 Jul 2022 13:09:16 +0100
Subject: Use ACME

---
 frontends/scripts/acme.sh.tpl | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 frontends/scripts/acme.sh.tpl

(limited to 'frontends/scripts')

diff --git a/frontends/scripts/acme.sh.tpl b/frontends/scripts/acme.sh.tpl
new file mode 100644
index 0000000..8039168
--- /dev/null
+++ b/frontends/scripts/acme.sh.tpl
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+<%
+  our $primary = $is_primary->($vio0_ip);
+  our $prefix = $primary ? '' : 'www.';
+-%>
+
+<% for my $host (@$acme_hosts) { -%>
+# Requesting and renewing certificate.
+/usr/sbin/acme-client -v <%= $prefix.$host %>
+# Create symlink, so that relayd also can read it.
+crt_path=/etc/ssl/<%= $prefix.$host %>
+if [ -e $crt_path.crt ]; then
+    rm $crt_path.crt
+fi
+ln -s $crt_path.fullchain.pem $crt_path.crt
+
+<% } -%>
+
+# Pick up the new certs.
+/usr/sbin/rcctl reload httpd
+/usr/sbin/rcctl reload relayd
-- 
cgit v1.2.3