--- /dev/null
+#!/bin/sh
+
+set -euf
+
+nl='
+'
+
+readonly isp_cert_dir='/home/httpd-cert'
+readonly le_live_dir='/etc/letsencrypt/live'
+
+user_certs="$(find "$isp_cert_dir" -type f -name '*.crt')"
+IFS="$nl"
+for c in $user_certs; do
+ d="$(basename "$c" .crt)"
+ k="${c%.crt}.key"
+ le_d="${le_live_dir}/$d"
+ if [ "$d" = 'dress-code.su' ]; then
+ continue
+ fi
+ if [ -d "$le_d" ]; then
+ fullchain="${le_d}/fullchain.pem"
+ privkey="${le_d}/privkey.pem"
+ if ! diff -q "$fullchain" "$c" >/dev/null; then
+ cp -L -v "$fullchain" "$c"
+ cp -L -v "$privkey" "$k"
+ fi
+ fi
+done
--- /dev/null
+[Unit]
+Description=Renew isp certificates
+# Uncomment 'WantedBy=cert_renew.target' in 'certbot.service' and
+# 'le_isp_update.service' for # this to work.
+#StopWhenUnneeded=true
+
+# Or use 'BindsTo'. But this requires 'Type=simple' or 'Type=exec' in
+# 'le_isp_update.service'.
+BindsTo=le_isp_update.service
+
+[Install]
+Also=certbot.service le_isp_update.service
--- /dev/null
+# Config to work with 'cert_renew.target'.
+#[Service]
+#ExecStart=/bin/sh -c 'echo /usr/bin/certbot -q renew "$(date)" >> /root/1.tmp'
+
+[Install]
+WantedBy=cert_renew.target
--- /dev/null
+# Config to work with 'cert_renew.target'.
+[Timer]
+#OnCalendar=
+#OnCalendar=*-*-* *:*:00
+#RandomizedDelaySec=0
+Unit=cert_renew.target
+
+[Install]
+Also=cert_renew.target
--- /dev/null
+[Unit]
+Description=Copy renewed certificates to ISP
+Requires=certbot.service
+After=certbot.service
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/le_isp_update.sh
+
+# For use with 'StopWhenUnneeded=true' in 'cert_renew.target'.
+#[Install]
+#WantedBy=cert_renew.target
projects / le_isp_update.git / commitdiff