#!/bin/bash
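# Certificate-renewal hook for Keycloak (Jinja2 template: every {{ ... }}
# placeholder is substituted at deploy time).
#
# Compares the certificate material under LE_CERTS_DIR with the copies that
# Keycloak reads; when they differ, installs the new files as root:keycloak
# mode 0440 and restarts the Keycloak service.
#
# Outputs: progress messages to syslog (logger) and to LE_LOGFILE.
# Returns: 0 when nothing changed or the new files were installed and the
#          service restarted; 1 when the source files are unusable, a copy
#          fails, or the restart fails.

# Abort on any unset variable: a misspelled name must not silently expand to
# an empty path in a cp/chmod/chown argument list.
set -u

LE_CERTS_DIR="{{ letsencrypt_acme_sh_certificates_install_path }}"
LE_LOG_DIR=/var/log/letsencrypt
LE_LOGFILE="$LE_LOG_DIR/keycloak.log"
KEYCLOAK_CERTS_DIR="{{ keycloak_conf_directory }}"
KEYCLOAK_KEYFILE="{{ keycloak_conf_directory }}/server.key.pem"
# Fixed: this was assigned as 'keycloak_CERTFILE' while every use below reads
# 'KEYCLOAK_CERTFILE', so the certificate chain was never copied and its
# permissions were never set.
KEYCLOAK_CERTFILE="{{ keycloak_conf_directory }}/server.crt.pem"
DATE=$( date )
RETVAL=

mkdir -p -- "$LE_LOG_DIR"
echo "$DATE" >> "$LE_LOGFILE"

logger "acme-keycloak-hook: Check if the certificate has been renewed"

# Refuse to touch the running service when the source material is missing or
# empty; otherwise Keycloak would be restarted on top of a broken key pair.
for src in "${LE_CERTS_DIR}/privkey" "${LE_CERTS_DIR}/fullchain"; do
  if [ ! -s "$src" ]; then
    logger "acme-keycloak-hook: Missing or empty source file $src"
    echo "acme-keycloak-hook: Missing or empty source file $src" >> "$LE_LOGFILE"
    exit 1
  fi
done

# Compare both the key and the chain. NOTE(review): an ACME client may keep
# the same private key across renewals, in which case a key-only comparison
# would never notice a renewed certificate - confirm against the client's
# configuration.
if cmp -s -- "${LE_CERTS_DIR}/privkey" "${KEYCLOAK_KEYFILE}" \
  && cmp -s -- "${LE_CERTS_DIR}/fullchain" "${KEYCLOAK_CERTFILE}"; then
  RETVAL=0
else
  RETVAL=1
fi

if [ "$RETVAL" -eq 0 ] ; then
  logger "acme-keycloak-hook: No new cerficate."
  echo "acme-keycloak-hook: No new cerficate." >> "$LE_LOGFILE"
  exit 0
fi

logger "acme-keycloak-hook: Copying the key file"
echo "Copy the certificate files" >> "$LE_LOGFILE"

# install(1) sets owner, group and mode as part of the copy, so the private
# key is never left on disk with umask-derived (possibly world-readable)
# permissions between a cp and a later chmod.
if ! install -m 0440 -o root -g keycloak -- "${LE_CERTS_DIR}/privkey" "${KEYCLOAK_KEYFILE}" >> "$LE_LOGFILE" 2>&1 \
  || ! install -m 0440 -o root -g keycloak -- "${LE_CERTS_DIR}/fullchain" "${KEYCLOAK_CERTFILE}" >> "$LE_LOGFILE" 2>&1; then
  logger "acme-keycloak-hook: Failed to install the certificate files"
  echo "acme-keycloak-hook: Failed to install the certificate files" >> "$LE_LOGFILE"
  exit 1
fi

logger "acme-keycloak-hook: Restart the {{ keycloak_service_name }} service after a certificate renewal"
# Report a failed restart instead of always exiting 0: a hook that claims
# success while the service is down or still serving the old certificate
# hides the problem from whoever monitors renewals.
if ! systemctl restart "{{ keycloak_service_name }}" >> "$LE_LOGFILE" 2>&1; then
  logger "acme-keycloak-hook: Restart of the {{ keycloak_service_name }} service failed"
  echo "acme-keycloak-hook: Restart of the {{ keycloak_service_name }} service failed" >> "$LE_LOGFILE"
  exit 1
fi
echo "acme-keycloak-hook: Restart the {{ keycloak_service_name }} service" >> "$LE_LOGFILE"

logger "acme-keycloak-hook: Done"
echo "acme-keycloak-hook: Done." >> "$LE_LOGFILE"

exit 0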