So, I've installed certbot some time ago and I'm trying to find a bash script to copy fullchain.pem and privkey.pem to another location, chown them and reload the application running it, but only when the renewed domain/subdomain matches, like when I renew sub.domain.tld
I've searched a bit on the internet but I don't seem to find what I'm looking for
You'd still need to script the copy/chowning yourself, but that shouldn't be too hard.
You'll find more info about --deploy-hook at the end of the documentation page (command line options), such as the $RENEWED_LINEAGE variable. Why that information isn't available in the general text earlier on in the documentation is a mystery to me though.
Although I'm a bit new to bash and all of that, I was wondering if we could check if the domain is the one being renewed in some other way?
something like:
SUBDOMAIN="irc.ptirc.org"
if [[$RENEWED_LINEAGE == *"$SUBDOMAIN"*]]; then
....
You can write the script in very different ways. I always try to avoid the use of wildcards because they could complicate things, but if you want to use them remember to write a space after [ and before ]
SUBDOMAIN="irc.ptirc.org"
if [[ "$RENEWED_LINEAGE" = *"$SUBDOMAIN"* ]]; then
After discussing my shell script with some bash gurus on IRC, I've made a better script, that should run anywhere POSIX shells are available.
#!/bin/sh
# NOTE: This script was made to work with certbot. I don't guarantee it will
# work with other ACME clients.
#
# This was tested in Ubuntu 20.04. This should work as it is on
# Debian/Ubuntu based distros. For other distros please check Certbot
# documentation.
#
# Place this script inside /etc/letsencrypt/renewal-hooks/deploy/ and
# name it `deploy_irc'
#
# Make the script executable with:
#
# chmod +x /etc/letsencrypt/renewal-hooks/deploy/deploy_irc
#
# Edit the subdomain, user and paths to fit your setup.
# Enjoy!

# What's your subdomain?
subdomain=irc.domain.tld

# What is the shell user running UnrealIRCd?
user=ircd

# What is the shell group of the user running UnrealIRCd?
# Usually it's the same as the user specified above.
# You shouldn't have to edit this unless you've added the user to another group
group=$user

# Path to UnrealIRCd executable folder
# Usually "/home/<user>/unrealircd/" when installed normally
execdir=/home/$user/unrealircd

# Path to the UnrealIRCd tls folder
# Usually `/home/<user>/unrealircd/conf/tls' when installed normally
# You shouldn't have to edit this unless you've customised your installation
tlsdir=$execdir/conf/tls

# Don't edit anything below unless you know exactly what you're doing.
# If you touch the code below and then complain the script "suddenly stopped working" I'll touch you at night.

# certbot exports $RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/irc.domain.tld)
# to deploy hooks; only act when the lineage directory name is our subdomain.
case $RENEWED_LINEAGE in
*/"$subdomain")
    # Each step only runs if the previous one succeeded.
    cp -f -- "$RENEWED_LINEAGE"/fullchain.pem "$RENEWED_LINEAGE"/privkey.pem "$tlsdir" &&
    chown -- "$user":"$group" "$tlsdir"/fullchain.pem "$tlsdir"/privkey.pem &&
    "$execdir"/unrealircd reloadtls &&
    "$execdir"/unrealircd rehash
    ;;
esac
Do note though that your search parameter *"$subdomain"* will match all lineages containing your hostname.
So if you, for some reason, would develop an IRC statistics site with the hostname stats.irc.domain.tld, it would be matched and overwrite the files in $tlsdir.
I'm not sure what the best matching method is other than what you're using now, as the path in $RENEWED_LINEAGE can be customised by the user. So just removing the /etc/letsencrypt/live/ part isn't enough. Unless you accept that the script is only useful for certificates from within the default certbot paths.
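As an added example (not part of the thread, and not certbot's own code), the following POSIX sh function shows one way to resolve the matching concern raised above: compare only the last path component of $RENEWED_LINEAGE with the expected certificate name, so a lineage such as stats.irc.domain.tld is not mistaken for irc.domain.tld, and the check keeps working when the lineage lives under a non-default config directory. The function name lineage_matches and the sample lineage paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact match on the lineage directory name instead of a
# substring match. Works in any POSIX shell; no bash-only [[ ]] needed.

# lineage_matches LINEAGE_PATH CERT_NAME
# Returns 0 (true) only when the lineage's directory name equals CERT_NAME.
lineage_matches() {
    lm_lineage=$1
    lm_wanted=$2
    # Drop a trailing slash, if any, then keep everything after the last slash.
    lm_lineage=${lm_lineage%/}
    lm_name=${lm_lineage##*/}
    [ "$lm_name" = "$lm_wanted" ]
}

# Demo over constructed sample lineage paths (not real systems).
# The third path stands in for a custom certbot config directory; the fourth
# mimics certbot's numbered-suffix naming for duplicate lineages.
main() {
    wanted=irc.domain.tld
    for lineage in \
        /etc/letsencrypt/live/irc.domain.tld \
        /etc/letsencrypt/live/stats.irc.domain.tld \
        /srv/acme/live/irc.domain.tld/ \
        /etc/letsencrypt/live/irc.domain.tld-0001
    do
        if lineage_matches "$lineage" "$wanted"; then
            printf 'match:    %s\n' "$lineage"
        else
            printf 'no match: %s\n' "$lineage"
        fi
    done
}

main
```

In a deploy hook the same test reads `if lineage_matches "$RENEWED_LINEAGE" "$subdomain"; then ... fi`, and it is equivalent to the `*/"$subdomain")` case pattern in the script above; both reject the stats.irc.domain.tld lineage that a bare `*"$subdomain"*` pattern would accept.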