#!/usr/bin/sh
acmedir="/var/lib/acme"
#acmedir="test"
notify="${acmedir}/.notify"
verbose="n"
mkdir -p "$notify"
scancerts() {
if test -e "${notify}/notify"; then
find "${acmedir}/certs" -name '*.crt' -newer "${notify}/notify" -print0
else
find "${acmedir}/certs" -name '*.crt' -print0
fi | xargs -0 /usr/libexec/acme-tiny/notify -v
touch "${notify}/notify"
}
for cert in "$@"; do
case "$cert" in
-v|--verbose) verbose="y"; continue;;
-s|--scan) scancerts; continue;;
-*) echo "Invalid option $cert"; exit 2;;
esac
name="${cert##*/}"
script="/etc/acme-tiny/notify.d/${name%.crt}.sh"
# kick apache if cert is mentioned
if test "$cert" -nt "${notify}/httpd"; then
if grep "$cert" /etc/httpd/conf.d/*.conf >/dev/null 2>&1; then
apachectl graceful && touch "${notify}/httpd" && \
[ "$verbose" = "y" ] && echo "Httpd reloaded"
fi
fi
# kick sendmail if cert is mentioned
if test "$cert" -nt "${notify}/sendmail"; then
if grep "/etc/pki/tls/certs/$name" /etc/mail/*.cf >/dev/null 2>&1; then
cp "$cert" /etc/pki/tls/certs && systemctl restart sendmail \
&& touch "${notify}/sendmail" && \
[ "$verbose" = "y" ] && echo "Sendmail reloaded"
fi
fi
# kick dovecot if cert is mentioned
if test "$cert" -nt "${notify}/dovecot"; then
if grep "/etc/pki/dovecot/certs/$name" /etc/dovecot/conf.d/10-ssl.conf >/dev/null 2>&1; then
cp "$cert" /etc/pki/dovecot/certs && systemctl restart dovecot \
&& touch "${notify}/dovecot" && \
[ "$verbose" = "y" ] && echo "Dovecot reloaded"
fi
fi
# run any dropin extension
if test -x "$script"; then
[ "$verbose" = "y" ] && echo "Running $script $cert"
ACMEDIR="$acmedir" NOTIFY="$notify" VERBOSE="$verbose" "$script" "$cert"
fi
done