author | Sergey Poznyakoff <gray@gnu.org.ua> | 2017-06-02 12:49:14 +0300 |
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2017-06-02 12:49:14 +0300 |
commit | 748f538ad265bb08fec889053a4b1c77d5bc581e (patch) | |
tree | 3945a1f34e07d4640c63f156ab5383ed58ae32f8 /acmeman | |
parent | 10a8d44e07504176be9e5a583128b09271b4dcf9 (diff) | |
Restart apache if any of the certificates changed
* acmeman: Version 1.03
New options: --restart, --incdir
(apache_layout_tab): Add restart key
Run $apache_layout->{restart} at the end, if any of the certificates changed
Diffstat (limited to 'acmeman')
-rwxr-xr-x | acmeman | 51 |
1 files changed, 44 insertions, 7 deletions
@@ -32,7 +32,7 @@ use Getopt::Long qw(:config gnu_getopt no_ignore_case); use POSIX qw(strftime time floor); use Data::Dumper; -our $VERSION = '1.02'; +our $VERSION = '1.03'; =head1 NAME @@ -43,6 +43,7 @@ acmeman - manages ACME certificates B<acmeman> [B<-Fadns>] [B<-D> I<N>] +[B<-I> I<DIR>] [B<-f> I<FILE>] [B<-l> B<slackware>|B<debian>|B<rh>] [B<--alt-names>] @@ -50,7 +51,10 @@ B<acmeman> [B<--debug>] [B<--dry-run>] [B<--force>] +[B<--incdir=>I<DIR>] +[B<--include-directory=>I<DIR>] [B<--layout=>B<slackware>|B<debian>|B<rh>] +[B<--restart=>I<COMMAND>] [B<--stage>] [B<--time-delta=>I<N>] [I<DOMAIN>...] @@ -87,7 +91,8 @@ B<Acmeman> should be started periodically, as a cronjob. Upon startup, it scans Apache configuration for virtual hosts using ACME certificates, checks their expiration times, and renews those of the certificates that are nearing their expiration times within a predefined number of seconds -(24 hours by default). +(24 hours by default). If any of the certificates were updated during +the run, B<acmeman> will restart the B<httpd> server. =head2 Setup @@ -213,6 +218,11 @@ certificate that expires within 24 hours. Force renewal of certificates, no matter their expire date. With B<--setup>, force installing the B<httpd-letsencrypt.conf> file even if it already exists. + +=item B<-I>, B<--incdir>, B<--include-directory=>I<DIR> + +Specifies base directory for Apache B<Include> and B<IncludeOptional> +statements with relative pathnames. =item B<-a>, B<--alt-names> @@ -259,6 +269,10 @@ B<slackware>, B<debian>, and B<rh> (for Red Hat). Don't modify any files, just print what would have been done. Implies B<--debug>. +=item B<--restart=>I<COMMAND> + +Specifies the command to restart Apache daemon. + =item B<-S>, B<--setup> Set up the B<acmeman> infrastructure files. 
@@ -494,7 +508,7 @@ sub register_domain_certificate {
 debug(1, "issuing $crt: CN=$domain, alternatives=@_");
 }
 }
- return if $dry_run;
+ return 1 if $dry_run;
 my $acme = Protocol::ACME->new(
 host => $acme_endpoint{$acme_host},
@@ -540,7 +554,9 @@ sub register_domain_certificate {
 error("$domain: failed to renew certificate");
 print STDERR Dumper([$@]);
 }
+ return 0;
 }
+ return 1;
 }
 sub dequote {
@@ -810,7 +826,8 @@ sub coalesce {
 my %apache_layout_tab = (
 slackware => { config => '/etc/httpd/httpd.conf',
- incdir => '/etc/httpd/extra'
+ incdir => '/etc/httpd/extra',
+ restart => '/etc/rc.d/rc.httpd restart'
 },
 debian => { config => '/etc/apache2/apache2.conf',
 incdir => sub {
@@ -821,6 +838,7 @@ my %apache_layout_tab = (
 warn 'none of the expected configuration directories found; falling back to /etc/apache2';
 return '/etc/apache2';
 },
+ restart => 'service apache2 restart',
 post_setup => sub {
 my ($filename) = @_;
 my $dir = dirname($filename);
@@ -832,7 +850,8 @@ my %apache_layout_tab = (
 }
 },
 rh => { config => '/etc/httpd/conf/httpd.conf',
- incdir => '/etc/httpd/conf.d'
+ incdir => '/etc/httpd/conf.d',
+ restart => 'service httpd restart'
 }
 );
@@ -861,8 +880,17 @@ GetOptions("h" => sub {
 },
 "setup|S" => \$setup,
 "config-file|f=s" => sub {
- $apache_layout = { config => $_[1] }
+ $apache_layout ||= {};
+ $apache_layout->{config} = $_[1]
 },
+ "restart=s" => sub {
+ $apache_layout ||= {};
+ $apache_layout->{restart} = $_[1]
 },
+ "include-directory|incdir|I=s" => sub {
+ $apache_layout ||= {};
+ $apache_layout->{incdir} = $_[1]
+ },
 "alt-names|a" => \$check_alt_names
 ) or exit(EX_USAGE);
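Review bot: In the second hunk the new `return 0;` sits after the `if ($@)` error block closes but still inside an enclosing block whose opening brace is outside the hunk, so it cannot be confirmed here that it runs only on failure; if that block is the normal renewal path, a successful renewal also yields 0 and the caller's `$renewed` counter never triggers the restart. The first hunk additionally makes `--dry-run` return 1, which the caller counts as a renewal. Any bare `return;` exit still present elsewhere in `register_domain_certificate` (outside these hunks) now hands undef to the caller's `+=` and produces an uninitialized-value warning under `use warnings`, so the sub's exit paths are worth auditing together. A comment at the top of the sub would pin the new contract: `# Returns 1 if a certificate was issued (or would have been under --dry-run), 0 if issuance failed.` The sub begins before the first hunk and the rest of its body is not shown.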
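Review bot: In the GetOptions hunk, giving only `--restart` or `--incdir` now leaves `$apache_layout` as a hashref holding just that one key, whereas before this change it was either undef or `{ config => ... }` from `--config-file`. Whether the later layout detection (outside the hunk) still merges the `config`/`incdir` defaults from `%apache_layout_tab` into an already-defined `$apache_layout`, or treats a defined value as final, is not visible here; in the latter case a user who sets only `--restart` silently loses the distribution defaults. Worth confirming, and a comment above the three callbacks would make the intent explicit: `# NOTE: these callbacks fill $apache_layout one key at a time; confirm that layout detection still supplies the keys they leave unset.`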
@@ -907,9 +935,18 @@ abend(EX_CONFIG, "filename patterns not defined")
 $account_key = Crypt::OpenSSL::RSA->generate_key(4096);
 $challenge = Protocol::ACME::Challenge::LocalFile->new({www_root => $www_root});
+my $renewed = 0;
 foreach my $vhost (@virthost) {
 if ($force || domain_cert_expires(@{$vhost})) {
- register_domain_certificate(@$vhost);
+ $renewed += register_domain_certificate(@$vhost);
+ }
+}
+if ($renewed) {
+ if ($apache_layout->{restart}) {
+ debug(1, "running " . $apache_layout->{restart});
+ exec($apache_layout->{restart}) unless $dry_run;
+ } else {
+ error("apache restart needed, but no restart command is defined; use the --restart option");
 }
 } |
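Review bot: `exec($apache_layout->{restart})` replaces the acmeman process, so nothing after this block can run, acmeman's own exit status becomes whatever the restart command returns, and if the exec itself fails it only returns false with a warning and the script falls through silently. Running the command with `system` keeps control and makes a failed restart visible: `system($apache_layout->{restart}) == 0 or error("restart command failed: $?");`. Because `register_domain_certificate` returns 1 under `--dry-run` (first hunk of this commit), `$renewed` is nonzero on a dry run and the `else` branch reports "apache restart needed" although no certificate was touched; the `unless $dry_run` guards only the exec, not the branch. Whether `$apache_layout` is guaranteed to be defined here (layout detection is outside the hunk) is not visible; a comment above `if ($renewed)` stating that it relies on the layout having been resolved would help the next reader.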