Merge branch '4-remove-installer-code-and-make-python3-and-new-certbot-compatible' into 'develop'

Resolve "remove installer code and make python3 and new certbot compatible"

Closes #4

See merge request open/certbot-haproxy!1
Showing 19 changed files with 97 additions and 1,318 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
#!/usr/bin/env python3 | ||
|
||
import os | ||
import re | ||
import sys | ||
|
||
# Certbot sets an environment variable RENEWED_LINEAGE, which points to the | ||
# path of the renewed certificate. We use that path to determine and find | ||
# the files for the currently renewed certificated | ||
lineage=os.environ.get('RENEWED_LINEAGE') | ||
|
||
# If nothing renewed, exit | ||
if not lineage: | ||
sys.exit() | ||
|
||
# From the linage, we strip the 'domain name', which is the last part | ||
# of the path. | ||
result = re.match(r'.*/live/(.+)$', lineage) | ||
|
||
# If we can not recognize the path, we exit with 1 | ||
if not result: | ||
sys.exit(1) | ||
|
||
# Extract the domain name | ||
domain = result.group(1) | ||
|
||
# Define a path for HAproxy where you want to write the .pem file. | ||
deploy_path="/etc/haproxy/ssl/" + domain + ".pem" | ||
|
||
# The source files can be found in below paths, constructed with the lineage | ||
# path | ||
source_key = lineage + "/privkey.pem" | ||
source_chain = lineage + "/fullchain.pem" | ||
|
||
# HAproxy requires to combine the key and chain in one .pem file | ||
with open(deploy_path, "w") as deploy, \ | ||
open(source_key, "r") as key, \ | ||
open(source_chain, "r") as chain: | ||
deploy.write(key.read()) | ||
deploy.write(chain.read()) | ||
|
||
# Here you can add your service reload command. Which will be executed after | ||
# every renewal, which is fine if you only have a few domains. | ||
|
||
# Alternative is to add the reload to the --post-hook. In that case it is only | ||
# run once after all renewals. That would be the use-case if you have a large | ||
# number of different certificates served by HAproxy. | ||
|
||
|
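Review bot: the `open(deploy_path, "w")` call in the final `with` block creates the combined .pem, which holds the private key, with whatever mode the process umask allows (0644 under the common 022 umask), so the key can end up readable by every local user. Create the file with an explicit restrictive mode instead, for example through `os.open(..., os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` wrapped in `os.fdopen`, and note that the mode argument only applies when the file is first created, so an existing world-readable file needs an `os.chmod` as well. Writing to a temporary file in `/etc/haproxy/ssl/` and then calling `os.replace` onto `deploy_path` would also keep HAProxy from ever loading a half-written file if a reload happens mid-write. A smaller point on the same path: `(.+)` in `r'.*/live/(.+)$'` also matches `/`, so a lineage with a trailing slash or extra path component flows straight into `deploy_path`; `([^/]+)/?$` would restrict `domain` to a single path component.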