authorSergey Poznyakoff <gray@gnu.org.ua>2017-06-02 12:49:14 +0300
committerSergey Poznyakoff <gray@gnu.org.ua>2017-06-02 12:49:14 +0300
commit748f538ad265bb08fec889053a4b1c77d5bc581e (patch)
tree3945a1f34e07d4640c63f156ab5383ed58ae32f8 /acmeman
parent10a8d44e07504176be9e5a583128b09271b4dcf9 (diff)
downloadacmeman-748f538ad265bb08fec889053a4b1c77d5bc581e.tar.gz
acmeman-748f538ad265bb08fec889053a4b1c77d5bc581e.tar.bz2
Restart apache if any of the certificates changed
* acmeman: Version 1.03 New options: --restart, --incdir (apache_layout_tab): Add restart key Run $apache_layout->{restart} at the end, if any of the certificates changed
Diffstat (limited to 'acmeman')
-rwxr-xr-xacmeman51
1 files changed, 44 insertions, 7 deletions
diff --git a/acmeman b/acmeman
index 3e3a11c..a37c27e 100755
--- a/acmeman
+++ b/acmeman
@@ -32,7 +32,7 @@ use Getopt::Long qw(:config gnu_getopt no_ignore_case);
use POSIX qw(strftime time floor);
use Data::Dumper;
-our $VERSION = '1.02';
+our $VERSION = '1.03';
=head1 NAME
@@ -43,6 +43,7 @@ acmeman - manages ACME certificates
B<acmeman>
[B<-Fadns>]
[B<-D> I<N>]
+[B<-I> I<DIR>]
[B<-f> I<FILE>]
[B<-l> B<slackware>|B<debian>|B<rh>]
[B<--alt-names>]
@@ -50,7 +51,10 @@ B<acmeman>
[B<--debug>]
[B<--dry-run>]
[B<--force>]
+[B<--incdir=>I<DIR>]
+[B<--include-directory=>I<DIR>]
[B<--layout=>B<slackware>|B<debian>|B<rh>]
+[B<--restart=>I<COMMAND>]
[B<--stage>]
[B<--time-delta=>I<N>]
[I<DOMAIN>...]
@@ -87,7 +91,8 @@ B<Acmeman> should be started periodically, as a cronjob. Upon startup,
it scans Apache configuration for virtual hosts using ACME certificates,
checks their expiration times, and renews those of the certificates that
are nearing their expiration times within a predefined number of seconds
-(24 hours by default).
+(24 hours by default). If any of the certificates were updated during
+the run, B<acmeman> will restart the B<httpd> server.
=head2 Setup
@@ -213,6 +218,11 @@ certificate that expires within 24 hours.
Force renewal of certificates, no matter their expire date. With B<--setup>,
force installing the B<httpd-letsencrypt.conf> file even if it already
exists.
+
+=item B<-I>, B<--incdir>, B<--include-directory=>I<DIR>
+
+Specifies base directory for Apache B<Include> and B<IncludeOptional>
+statements with relative pathnames.
=item B<-a>, B<--alt-names>
@@ -259,6 +269,10 @@ B<slackware>, B<debian>, and B<rh> (for Red Hat).
Don't modify any files, just print what would have been done.
Implies B<--debug>.
+=item B<--restart=>I<COMMAND>
+
+Specifies the command to restart Apache daemon.
+
=item B<-S>, B<--setup>
Set up the B<acmeman> infrastructure files.
@@ -494,7 +508,7 @@ sub register_domain_certificate {
debug(1, "issuing $crt: CN=$domain, alternatives=@_");
}
}
- return if $dry_run;
+ return 1 if $dry_run;
my $acme = Protocol::ACME->new(
host => $acme_endpoint{$acme_host},
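Review bot: register_domain_certificate now has a numeric return contract (`return 1 if $dry_run` here, `return 0` / `return 1` in the next hunk) that the caller sums into `$renewed`, but nothing documents it. The body between the two hunks is not visible; if a bare `return;` remains there it would add undef to the counter. A header comment such as `# Returns 1 if the certificate was issued (or would be, with --dry-run), 0 on failure.` would pin the contract down for the next change.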
@@ -540,7 +554,9 @@ sub register_domain_certificate {
error("$domain: failed to renew certificate");
print STDERR Dumper([$@]);
}
+ return 0;
}
+ return 1;
}
sub dequote {
@@ -810,7 +826,8 @@ sub coalesce {
my %apache_layout_tab = (
slackware => { config => '/etc/httpd/httpd.conf',
- incdir => '/etc/httpd/extra'
+ incdir => '/etc/httpd/extra',
+ restart => '/etc/rc.d/rc.httpd restart'
},
debian => { config => '/etc/apache2/apache2.conf',
incdir => sub {
@@ -821,6 +838,7 @@ my %apache_layout_tab = (
warn 'none of the expected configuration directories found; falling back to /etc/apache2';
return '/etc/apache2';
},
+ restart => 'service apache2 restart',
post_setup => sub {
my ($filename) = @_;
my $dir = dirname($filename);
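Review bot: `restart => 'service apache2 restart'` (and `'service httpd restart'` in the rh entry of the next hunk) names the program without a directory, so which binary runs depends on the PATH acmeman inherits; the slackware entry uses an absolute path. Under cron the PATH is often minimal and may lack the sbin directories, and for a job that presumably runs with root privileges a PATH-relative lookup is better avoided. Either use absolute paths in the table or set a fixed PATH before the restart, e.g. `$ENV{PATH} = '/usr/sbin:/usr/bin:/sbin:/bin';`. The debian entry continues outside this hunk.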
@@ -832,7 +850,8 @@ my %apache_layout_tab = (
}
},
rh => { config => '/etc/httpd/conf/httpd.conf',
- incdir => '/etc/httpd/conf.d'
+ incdir => '/etc/httpd/conf.d',
+ restart => 'service httpd restart'
}
);
@@ -861,8 +880,17 @@ GetOptions("h" => sub {
},
"setup|S" => \$setup,
"config-file|f=s" => sub {
- $apache_layout = { config => $_[1] }
+ $apache_layout ||= {};
+ $apache_layout->{config} = $_[1]
},
+ "restart=s" => sub {
+ $apache_layout ||= {};
+ $apache_layout->{restart} = $_[1]
+ },
+ "include-directory|incdir|I=s" => sub {
+ $apache_layout ||= {};
+ $apache_layout->{incdir} = $_[1]
+ },
"alt-names|a" => \$check_alt_names
) or exit(EX_USAGE);
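Review bot: The three handlers merge into `$apache_layout` with `$apache_layout ||= {}`, which makes the result depend on option order relative to `--layout`, whose handler is not visible in this hunk. If that handler assigns `$apache_layout` outright, `--restart=CMD --layout=debian` would drop CMD, and if it stores a reference to an `%apache_layout_tab` entry, these handlers write into the table itself. Collecting the overrides in a separate hash and applying them after GetOptions returns would remove the ordering question; at minimum a comment such as `# -f, -I and --restart override the selected layout and must follow --layout` would document it.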
@@ -907,9 +935,18 @@ abend(EX_CONFIG, "filename patterns not defined")
$account_key = Crypt::OpenSSL::RSA->generate_key(4096);
$challenge = Protocol::ACME::Challenge::LocalFile->new({www_root => $www_root});
+my $renewed = 0;
foreach my $vhost (@virthost) {
if ($force || domain_cert_expires(@{$vhost})) {
- register_domain_certificate(@$vhost);
+ $renewed += register_domain_certificate(@$vhost);
+ }
+}
+if ($renewed) {
+ if ($apache_layout->{restart}) {
+ debug(1, "running " . $apache_layout->{restart});
+ exec($apache_layout->{restart}) unless $dry_run;
+ } else {
+ error("apache restart needed, but no restart command is defined; use the --restart option");
}
}
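Review bot: The result of `exec` in the `if ($renewed)` block is never checked, so if the restart command cannot be started (for instance `service` is not on cron's PATH) the script falls through with the new certificates on disk, the old ones still being served, and nothing reported. exec returns only on failure, so `exec($apache_layout->{restart}) or error("cannot run $apache_layout->{restart}: $!") unless $dry_run;` would surface it. The single-string form is also handed to the shell whenever it contains shell metacharacters; that suits a `--restart=COMMAND` option, but the option's POD entry should say so, since acmeman is meant to run unattended. Because exec replaces the process, any statement added after this block later would silently never run; `system` with an exit-status check avoids that.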
