#!/bin/bash H_NAME=$( hostname -f ) LE_SERVICES_SCRIPT_DIR=/usr/lib/acme/hooks LE_CERTS_DIR=/var/lib/acme/live/$H_NAME LE_LOG_DIR=/var/log/letsencrypt HAPROXY_CERTDIR=/etc/pki/haproxy HAPROXY_CERTFILE=$HAPROXY_CERTDIR/haproxy.pem DATE=$( date ) [ ! -d $HAPROXY_CERTDIR ] && mkdir -p $HAPROXY_CERTDIR [ ! -d $LE_LOG_DIR ] && mkdir $LE_LOG_DIR echo "$DATE" >> $LE_LOG_DIR/haproxy.log {% if letsencrypt_acme_install %} LE_ENV_FILE=/etc/default/letsencrypt {% endif %} {% if letsencrypt_acme_sh_install %} LE_ENV_FILE=/etc/default/acme_sh_request_env {% endif %} if [ -f "$LE_ENV_FILE" ] ; then . "$LE_ENV_FILE" else echo "No letsencrypt default file" >> $LE_LOG_DIR/haproxy.log fi echo "Building the new certificate file" >> $LE_LOG_DIR/haproxy.log cat ${LE_CERTS_DIR}/{fullchain,privkey} > ${HAPROXY_CERTFILE} chmod 440 ${HAPROXY_CERTFILE} chgrp haproxy ${HAPROXY_CERTFILE} echo "Reload the haproxy service" >> $LE_LOG_DIR/haproxy.log if [ -x /bin/systemctl ] ; then systemctl reload haproxy >> $LE_LOG_DIR/haproxy.log 2>&1 else service haproxy reload >> $LE_LOG_DIR/haproxy.log 2>&1 fi # Run the OCSP stapling script if [ -x /usr/local/bin/hapos-upd ] ; then echo "Run the OCSP stapling updater script" >> $LE_LOG_DIR/haproxy.log /usr/local/bin/hapos-upd --cert {{ haproxy_cert_dir }}/haproxy.pem -v ${LE_CERTS_DIR}/fullchain -s {{ haproxy_admin_socket }} -v - >> $LE_LOG_DIR/haproxy.log 2>&1 else echo "No OCPS stapling updater script" >> $LE_LOG_DIR/haproxy.log fi echo "Done." >> $LE_LOG_DIR/haproxy.log exit 0