From 6da9c96fd3ec727125d3e9095cef8b675fe007ff Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Fri, 10 Apr 2026 17:25:42 +0300
Subject: acme.sh: skip standby certs for server FQDNs, restart relayd if dead

- Skip standby.blowfish.buetow.org and standby.fishfinger.buetow.org
  (no DNS records, no httpd/acme-client.conf entries)
- Use 'rcctl check && reload || restart' for relayd so a dead relayd
  gets restarted instead of silently failing on reload

Amp-Thread-ID: https://ampcode.com/threads/T-019d77bf-0537-74e1-a1a9-c1b47d2af392
Co-authored-by: Amp <amp@ampcode.com>
---
 frontends/scripts/acme.sh.tpl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'frontends/scripts')

diff --git a/frontends/scripts/acme.sh.tpl b/frontends/scripts/acme.sh.tpl
index b3301fa..3b3b35f 100644
--- a/frontends/scripts/acme.sh.tpl
+++ b/frontends/scripts/acme.sh.tpl
@@ -48,11 +48,13 @@ handle_cert <%= $host %>
 if [ $? -eq 0 ]; then
     has_update=yes
 fi
+<% unless ($host eq 'blowfish.buetow.org' or $host eq 'fishfinger.buetow.org') { -%>
 handle_cert standby.<%= $host %>
 if [ $? -eq 0 ]; then
     has_update=yes
 fi
 <% } -%>
+<% } -%>
 
 # Current server's FQDN (e.g. for mail server certs)
 handle_cert <%= "$hostname.$domain" %>
@@ -65,6 +67,6 @@ if [ $has_update = yes ]; then
     # TLS offloading fully moved to relayd now
     # /usr/sbin/rcctl reload httpd
 
-    /usr/sbin/rcctl reload relayd
+    /usr/sbin/rcctl check relayd && /usr/sbin/rcctl reload relayd || /usr/sbin/rcctl restart relayd
     /usr/sbin/rcctl restart smtpd
 fi
-- 
cgit v1.2.3