Adjust hook script and add output in case of certification failure.
parent
07e85a90cf
commit
518304449f
@ -5,7 +5,10 @@ _DH_CONF_DIR=/etc/dehydrated
|
||||
_DH_BASE_DIR=/var/lib/dehydrated
|
||||
_DH_WELL_KNOWN_DIR=/var/www/dehydrated
|
||||
|
||||
STR_PROCESSED="marked to be validated"
|
||||
STR_SUCCESS="Certificate has been produced"
|
||||
STR_INVALID_CHALLENGE="Error: Invalid Challenge"
|
||||
STR_HTTP_REQUEST_FAILED="Error: HTTP-Request failed"
|
||||
|
||||
# -------------
|
||||
# --- Some functions
|
||||
@ -772,17 +775,35 @@ if [[ -f "$HOOK_OUT_FILE" ]] ; then
|
||||
fi
|
||||
fi
|
||||
|
||||
found=false
|
||||
found_deploy_challenge=false
|
||||
found_deployed=false
|
||||
found_request_failure=false
|
||||
found_invalid_challenge=false
|
||||
old_IFS=$IFS
|
||||
IFS=''
|
||||
> $HOOK_OUT_FILE
|
||||
#regex_deploy="deploy_cert\s*()"
|
||||
echononl " Writing file ${HOOK_OUT_FILE}.."
|
||||
while read -r line || [[ -n "$line" ]]; do
|
||||
if [[ $line =~ deploy_cert\s*() ]]; then
|
||||
found=true
|
||||
|
||||
if [[ $line =~ deploy_challenge\s*\(\) ]]; then
|
||||
found_deploy_challenge=true
|
||||
else
|
||||
if $found ; then
|
||||
if $found_deploy_challenge ; then
|
||||
if [[ $line =~ ^"}"$ ]]; then
|
||||
|
||||
echo "" >> $HOOK_OUT_FILE
|
||||
echo " echo \" + Hook: \$DOMAIN - $STR_PROCESSED\"" >> $HOOK_OUT_FILE
|
||||
echo "" >> $HOOK_OUT_FILE
|
||||
found_deploy_challenge=false
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ $line =~ deploy_cert\s*\(\) ]]; then
|
||||
found_deployed=true
|
||||
else
|
||||
if $found_deployed ; then
|
||||
if [[ $line =~ ^"}"$ ]]; then
|
||||
|
||||
echo "" >> $HOOK_OUT_FILE
|
||||
@ -802,7 +823,35 @@ while read -r line || [[ -n "$line" ]]; do
|
||||
echo " ln -s \"privkey_cert_chain-\${TIMESTAMP}.pem\" \"\${BASEDIR}/certs/\${DOMAIN}/privkey_cert_chain.pem\"" >>$HOOK_OUT_FILE
|
||||
echo " echo \" + Hook: \$DOMAIN - $STR_SUCCESS\"" >> $HOOK_OUT_FILE
|
||||
echo "" >> $HOOK_OUT_FILE
|
||||
found=false
|
||||
found_deployed=false
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ $line =~ request_failure\s*\(\) ]]; then
|
||||
found_request_failure=true
|
||||
else
|
||||
if $found_request_failure ; then
|
||||
if [[ $line =~ ^"}"$ ]]; then
|
||||
|
||||
echo "" >> $HOOK_OUT_FILE
|
||||
echo " echo \" + Hook: \$DOMAIN - $STR_HTTP_REQUEST_FAILED\"" >> $HOOK_OUT_FILE
|
||||
echo "" >> $HOOK_OUT_FILE
|
||||
found_request_failure=false
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ $line =~ invalid_challenge\s*\(\) ]]; then
|
||||
found_invalid_challenge=true
|
||||
else
|
||||
if $found_invalid_challenge ; then
|
||||
if [[ $line =~ ^"}"$ ]]; then
|
||||
|
||||
echo "" >> $HOOK_OUT_FILE
|
||||
echo " echo \" + Hook: \$DOMAIN - $STR_INVALID_CHALLENGE\"" >> $HOOK_OUT_FILE
|
||||
echo "" >> $HOOK_OUT_FILE
|
||||
found_invalid_challenge=false
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
@ -1430,14 +1479,21 @@ declare -a zone_to_reload_arr
|
||||
|
||||
declare -a _tmp_arr
|
||||
certs_updated=false
|
||||
_processed_hosts="\$(cat \$_logfile | grep "$STR_SUCCESS" 2> /dev/null | awk '{print\$3}')"
|
||||
certs_processed=false
|
||||
_hosts_processed="\$(cat \$_logfile | grep "$STR_PROCESSED" 2> /dev/null | awk '{print\$3}')"
|
||||
_successfully_created_hosts="\$(cat \$_logfile | grep "$STR_SUCCESS" 2> /dev/null | awk '{print\$3}')"
|
||||
_invalid_challenge="\$(cat \$_logfile | grep "$STR_INVALID_CHALLENGE" 2> /dev/null | awk '{print\$3}')"
|
||||
_http_request_failed="\$(cat \$_logfile | grep "$STR_HTTP_REQUEST_FAILED" 2> /dev/null | awk '{print\$3}')"
|
||||
if [[ -n "\$_hosts_processed" ]] ; then
|
||||
certs_processed=true
|
||||
fi
|
||||
# - Evaluate dehydrated's output - see if certificates where created
|
||||
# -
|
||||
if [[ -n "\$_processed_hosts" ]] ; then
|
||||
if [[ -n "\$_successfully_created_hosts" ]] ; then
|
||||
|
||||
certs_updated=true
|
||||
|
||||
for hostname in \$_processed_hosts ; do
|
||||
for hostname in \$_successfully_created_hosts ; do
|
||||
|
||||
# ---
|
||||
# - Services to restart after changing/adding the certificate
|
||||
@ -1736,7 +1792,8 @@ fi
|
||||
|
||||
# - Nothing to do if al is up tp date
|
||||
# -
|
||||
if ! \$certs_updated && ! grep -q -i "error:" \$_logfile 2> /dev/null ; then
|
||||
#if ! \$certs_updated && ! grep -q -i "error:" \$_logfile 2> /dev/null ; then
|
||||
if ! \$certs_updated && ! \$certs_processed ; then
|
||||
|
||||
if \$verbose ; then
|
||||
info "All Certificates are up to date."
|
||||
@ -1969,7 +2026,7 @@ if \$certs_updated ; then
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ -n "\$_processed_hosts" ]] ; then
|
||||
if [[ -n "\$_successfully_created_hosts" ]] ; then
|
||||
|
||||
echo ""
|
||||
echo ""
|
||||
@ -1977,7 +2034,37 @@ if [[ -n "\$_processed_hosts" ]] ; then
|
||||
echo "=================================="
|
||||
echo ""
|
||||
|
||||
for _hostname in \$_processed_hosts ; do
|
||||
for _hostname in \$_successfully_created_hosts ; do
|
||||
echo " \$_hostname"
|
||||
done
|
||||
|
||||
echo ""
|
||||
fi
|
||||
|
||||
if [[ -n "\$_invalid_challenge" ]] ; then
|
||||
|
||||
echo ""
|
||||
echo ""
|
||||
echo "Certificates NOT been created - invalid challenge:"
|
||||
echo "=================================================="
|
||||
echo ""
|
||||
|
||||
for _hostname in \$_invalid_challenge ; do
|
||||
echo " \$_hostname"
|
||||
done
|
||||
|
||||
echo ""
|
||||
fi
|
||||
|
||||
if [[ -n "\$_http_request_failed" ]] ; then
|
||||
|
||||
echo ""
|
||||
echo ""
|
||||
echo "Certificates NOT been created - http request failed:"
|
||||
echo "===================================================="
|
||||
echo ""
|
||||
|
||||
for _hostname in \$__http_request_failed ; do
|
||||
echo " \$_hostname"
|
||||
done
|
||||
|
||||
|
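Review bot: The new "http request failed" report loop iterates over `\$__http_request_failed` (two leading underscores), but the variable assigned from the log and tested in the `if` just above it is `_http_request_failed`. As written, the heading is printed with an empty host list, and the operator cannot see which certificates failed to renew; the loop should read `for _hostname in \$_http_request_failed ; do`. Separately, both failure lists take field 3 of the hook's log line, which assumes `$DOMAIN` is set inside the hook's `request_failure()` and `invalid_challenge()` functions. Those function bodies are not visible on this page, so this needs confirming, because an empty `$DOMAIN` would make awk return `-` instead of a host name. The `if` block around this loop closes outside the hunk.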