certificates/dehydrated-cron
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adjust hook script and add output in case of certification failure.

Browse Source
This commit is contained in:
root 2017-02-06 14:41:36 +01:00
parent 07e85a90cf
commit 518304449f
1 changed files with 98 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
install_dehydrated.sh
View File

@ -5,7 +5,10 @@ _DH_CONF_DIR=/etc/dehydrated
_DH_BASE_DIR=/var/lib/dehydrated _DH_BASE_DIR=/var/lib/dehydrated
_DH_WELL_KNOWN_DIR=/var/www/dehydrated _DH_WELL_KNOWN_DIR=/var/www/dehydrated
STR_PROCESSED="marked to be validated"
STR_SUCCESS="Certificate has been produced" STR_SUCCESS="Certificate has been produced"
STR_INVALID_CHALLENGE="Error: Invalid Challenge"
STR_HTTP_REQUEST_FAILED="Error: HTTP-Request failed"
# ------------- # -------------
# --- Some functions # --- Some functions
@ -772,17 +775,35 @@ if [[ -f "$HOOK_OUT_FILE" ]] ; then
fi fi
fi fi
found=false found_deploy_challenge=false
found_deployed=false
found_request_failure=false
found_invalid_challenge=false
old_IFS=$IFS old_IFS=$IFS
IFS='' IFS=''
> $HOOK_OUT_FILE > $HOOK_OUT_FILE
#regex_deploy="deploy_cert\s*()" #regex_deploy="deploy_cert\s*()"
echononl " Writing file ${HOOK_OUT_FILE}.." echononl " Writing file ${HOOK_OUT_FILE}.."
while read -r line || [[ -n "$line" ]]; do while read -r line || [[ -n "$line" ]]; do
if [[ $line =~ deploy_cert\s*() ]]; then
found=true if [[ $line =~ deploy_challenge\s*\(\) ]]; then
found_deploy_challenge=true
else else
if $found ; then if $found_deploy_challenge ; then
if [[ $line =~ ^"}"$ ]]; then
echo "" >> $HOOK_OUT_FILE
echo " echo \" + Hook: \$DOMAIN - $STR_PROCESSED\"" >> $HOOK_OUT_FILE
echo "" >> $HOOK_OUT_FILE
found_deploy_challenge=false
fi
fi
fi
if [[ $line =~ deploy_cert\s*\(\) ]]; then
found_deployed=true
else
if $found_deployed ; then
if [[ $line =~ ^"}"$ ]]; then if [[ $line =~ ^"}"$ ]]; then
echo "" >> $HOOK_OUT_FILE echo "" >> $HOOK_OUT_FILE
@ -802,7 +823,35 @@ while read -r line || [[ -n "$line" ]]; do
echo " ln -s \"privkey_cert_chain-\${TIMESTAMP}.pem\" \"\${BASEDIR}/certs/\${DOMAIN}/privkey_cert_chain.pem\"" >>$HOOK_OUT_FILE echo " ln -s \"privkey_cert_chain-\${TIMESTAMP}.pem\" \"\${BASEDIR}/certs/\${DOMAIN}/privkey_cert_chain.pem\"" >>$HOOK_OUT_FILE
echo " echo \" + Hook: \$DOMAIN - $STR_SUCCESS\"" >> $HOOK_OUT_FILE echo " echo \" + Hook: \$DOMAIN - $STR_SUCCESS\"" >> $HOOK_OUT_FILE
echo "" >> $HOOK_OUT_FILE echo "" >> $HOOK_OUT_FILE
found=false found_deployed=false
fi
fi
fi
if [[ $line =~ request_failure\s*\(\) ]]; then
found_request_failure=true
else
if $found_request_failure ; then
if [[ $line =~ ^"}"$ ]]; then
echo "" >> $HOOK_OUT_FILE
echo " echo \" + Hook: \$DOMAIN - $STR_HTTP_REQUEST_FAILED\"" >> $HOOK_OUT_FILE
echo "" >> $HOOK_OUT_FILE
found_request_failure=false
fi
fi
fi
if [[ $line =~ invalid_challenge\s*\(\) ]]; then
found_invalid_challenge=true
else
if $found_invalid_challenge ; then
if [[ $line =~ ^"}"$ ]]; then
echo "" >> $HOOK_OUT_FILE
echo " echo \" + Hook: \$DOMAIN - $STR_INVALID_CHALLENGE\"" >> $HOOK_OUT_FILE
echo "" >> $HOOK_OUT_FILE
found_invalid_challenge=false
fi fi
fi fi
fi fi
@ -1430,14 +1479,21 @@ declare -a zone_to_reload_arr
declare -a _tmp_arr declare -a _tmp_arr
certs_updated=false certs_updated=false
_processed_hosts="\$(cat \$_logfile | grep "$STR_SUCCESS" 2> /dev/null | awk '{print\$3}')" certs_processed=false
_hosts_processed="\$(cat \$_logfile | grep "$STR_PROCESSED" 2> /dev/null | awk '{print\$3}')"
_successfully_created_hosts="\$(cat \$_logfile | grep "$STR_SUCCESS" 2> /dev/null | awk '{print\$3}')"
_invalid_challenge="\$(cat \$_logfile | grep "$STR_INVALID_CHALLENGE" 2> /dev/null | awk '{print\$3}')"
_http_request_failed="\$(cat \$_logfile | grep "$STR_HTTP_REQUEST_FAILED" 2> /dev/null | awk '{print\$3}')"
if [[ -n "\$_hosts_processed" ]] ; then
certs_processed=true
fi
# - Evaluate dehydrated's output - see if certificates where created # - Evaluate dehydrated's output - see if certificates where created
# - # -
if [[ -n "\$_processed_hosts" ]] ; then if [[ -n "\$_successfully_created_hosts" ]] ; then
certs_updated=true certs_updated=true
for hostname in \$_processed_hosts ; do for hostname in \$_successfully_created_hosts ; do
# --- # ---
# - Services to restart after changing/adding the certificate # - Services to restart after changing/adding the certificate
@ -1736,7 +1792,8 @@ fi
# - Nothing to do if al is up tp date # - Nothing to do if al is up tp date
# - # -
if ! \$certs_updated && ! grep -q -i "error:" \$_logfile 2> /dev/null ; then #if ! \$certs_updated && ! grep -q -i "error:" \$_logfile 2> /dev/null ; then
if ! \$certs_updated && ! \$certs_processed ; then
if \$verbose ; then if \$verbose ; then
info "All Certificates are up to date." info "All Certificates are up to date."
@ -1969,7 +2026,7 @@ if \$certs_updated ; then
fi fi
fi fi
if [[ -n "\$_processed_hosts" ]] ; then if [[ -n "\$_successfully_created_hosts" ]] ; then
echo "" echo ""
echo "" echo ""
@ -1977,7 +2034,37 @@ if [[ -n "\$_processed_hosts" ]] ; then
echo "==================================" echo "=================================="
echo "" echo ""
for _hostname in \$_processed_hosts ; do for _hostname in \$_successfully_created_hosts ; do
echo " \$_hostname"
done
echo ""
fi
if [[ -n "\$_invalid_challenge" ]] ; then
echo ""
echo ""
echo "Certificates NOT been created - invalid challenge:"
echo "=================================================="
echo ""
for _hostname in \$_invalid_challenge ; do
echo " \$_hostname"
done
echo ""
fi
if [[ -n "\$_http_request_failed" ]] ; then
echo ""
echo ""
echo "Certificates NOT been created - http request failed:"
echo "===================================================="
echo ""
for _hostname in \$__http_request_failed ; do
echo " \$_hostname" echo " \$_hostname"
done done