author | Sergey Poznyakoff <gray@gnu.org.ua> | 2018-04-17 07:05:18 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2018-04-17 07:05:18 +0200 |
commit | 551c486e3f7c5194f2b0905ba055c4b610ae5e74 (patch) | |
tree | f72addedab7828133ae946f53291e7da8ceb2128 /acmeman | |
parent | b2e15909533fccca8d344f4f2678564f5398ad8a (diff) | |
New statement domain.*.postrenew; core.restart renamed to core.postrenew
Diffstat (limited to 'acmeman')
-rwxr-xr-x | acmeman | 45 |
1 files changed, 35 insertions, 10 deletions
@@ -200,12 +200,12 @@ certificate that expires within 24 hours. The command line option B<--time-delta> overrides this setting. -=item B<restart=>I<COMMAND> +=item B<postrenew=>I<COMMAND> Defines the command to be run at the end of the run if at least one certificate has been updated. Normally this command reloads the httpd server (or whatever server is using the certificates). If more than one -B<restart> statements are defined, they will be run in sequenct in the +B<postrenew> statements are defined, they will be run in sequence, in the same order as they appeared in the configuration file. =item B<source=>I<ID> [I<LAYOUT>] @@ -280,6 +280,11 @@ are allowed. Size of the RSA key to use, in bits. If not set, the B<core.key-size> setting is used. + +=item B<postrenew=>I<CMD> + +Run I<CMD> after successful update. If not given, the B<core.postrenew> +commands will be run. =back @@ -940,12 +945,13 @@ sub collect { next; } } - + if (exists($v->{files})) { if (my $fref = $config->get('files', $v->{files})) { $dom = new App::Acmeman::Domain( cn => $k, alt => $v->{alt}, + postrenew => $v->{postrenew}, %{$fref}); } else { error("files.$v->{files} is referenced from [domain $k], but never declared"); @@ -956,6 +962,7 @@ sub collect { $dom = new App::Acmeman::Domain( cn => $k, alt => $v->{alt}, + postrenew => $v->{postrenew}, %{$config->get('files', $config->get(qw(core files)))}); } push @$aref, $dom; @@ -1012,7 +1019,7 @@ sub cb_parse_bool { my %syntax = ( core => { section => { - restart => { array => 1 }, + postrenew => { array => 1 }, rootdir => { default => '/var/www/acme' }, files => 1, 'time-delta' => { default => 86400 }, @@ -1031,7 +1038,7 @@ my %syntax = ( 'certificate-file' => { mandatory => 1 }, 'key-file' => 1, 'ca-file' => 1, - argument => 1 + argument => 1, } } } @@ -1042,7 +1049,8 @@ my %syntax = ( section => { alt => { array => 1 }, files => 1, - 'key-size' => { re => '^\d+$' } + 'key-size' => { re => '^\d+$' }, + postrenew => 0 } } } 
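Review bot: In the last hunk on this line (the `domain.*` section of `%syntax`) the new keyword is declared as `postrenew => 0`, while the other plain keywords visible in the table use a true value (`files => 1`, `'key-file' => 1`). The parser is not shown here, so this is only a possibility, but if it tests the entry for truth rather than for existence, the statement would be rejected as unknown. Either `postrenew => 1,` to match its siblings, or a short comment saying what the false value means, would remove the doubt. The per-domain form also appears to be scalar, unlike `core.postrenew` with `{ array => 1 }`, so the POD added in the second hunk could state whether more than one command per domain is accepted.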
@@ -1170,17 +1178,34 @@ my $renewed = 0; foreach my $vhost (@domlist) { next unless selected_domain($vhost); if ($force || domain_cert_expires($vhost)) { - $renewed += register_domain_certificate($vhost); + if (register_domain_certificate($vhost)) { + if (my $cmd = $vhost->postrenew) { + debug(1, "running $cmd"); + unless ($dry_run) { + system($cmd); + if ($? == -1) { + error("$cmd: failed to execute: $!"); + } elsif ($? & 127) { + error("$cmd: died on signal ".($? & 127)); + } elsif (my $code = ($? >> 8)) { + error("$cmd: exited with code $code"); + } + } + } else { + $renewed++; + } + } } } + if ($renewed) { - if ($config->isset(qw(core restart))) { - foreach my $cmd ($config->get(qw(core restart))) { + if ($config->isset(qw(core postrenew))) { + foreach my $cmd ($config->get(qw(core postrenew))) { debug(1, "running $cmd"); system($cmd) unless $dry_run; } } else { - error("certificates changed, but no restart command is defined (core.restart)"); + error("certificates changed, but no postrenew command is defined (core.postrenew)"); } } |
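Review bot: The `core.postrenew` loop at the end of this hunk still runs `system($cmd) unless $dry_run;` and never looks at `$?`, so the exit-status reporting added for per-domain commands does not cover the global ones, and a failed server reload after a renewal may leave the old certificate in service with nothing logged. Moving the `debug`/`system`/`$?` sequence into one helper called from both places keeps the two paths consistent, as sketched below. Both paths pass a single string to `system`, which Perl hands to the shell when the string contains metacharacters, so these commands run with acmeman's own privileges; the POD for B<postrenew> could say so and state that the configuration file should be writable only by a trusted user. A domain that sets its own `postrenew` no longer increments `$renewed`, which matches the documented fallback, but a comment on the `else` branch saying that this is deliberate would help.

```perl
# Run one postrenew command and report how it ended.
sub run_postrenew {
    my ($cmd) = @_;
    debug(1, "running $cmd");
    return if $dry_run;
    system($cmd);
    # ... unchanged: the three $? checks from the per-domain branch ...
}

# ... unchanged: loop over @domlist up to register_domain_certificate ...
        if (register_domain_certificate($vhost)) {
            if (my $cmd = $vhost->postrenew) {
                run_postrenew($cmd);
            } else {
                # Deliberate: only domains without their own command
                # trigger the core.postrenew commands.
                $renewed++;
            }
        }
# ... unchanged: $renewed / isset(core postrenew) tests ...
        foreach my $cmd ($config->get(qw(core postrenew))) {
            run_postrenew($cmd);
        }
```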