From ea9333a8efdcacaafd7b50734daa21523bed3021 Mon Sep 17 00:00:00 2001
From: sgf
Date: Wed, 12 Apr 2023 17:38:27 +0300
Subject: [PATCH 1/1] Initial commit.
---
le_isp_update.sh | 28 +++++++++++++++++++++++
systemd/cert_renew.target | 12 ++++++++++
systemd/certbot.service.d/cert_renew.conf | 6 +++++
systemd/certbot.timer.d/cert_renew.conf | 9 ++++++++
systemd/le_isp_update.service | 12 ++++++++++
5 files changed, 67 insertions(+)
create mode 100755 le_isp_update.sh
create mode 100644 systemd/cert_renew.target
create mode 100644 systemd/certbot.service.d/cert_renew.conf
create mode 100644 systemd/certbot.timer.d/cert_renew.conf
create mode 100644 systemd/le_isp_update.service
diff --git a/le_isp_update.sh b/le_isp_update.sh
new file mode 100755
index 0000000..2c92653
--- /dev/null
+++ b/le_isp_update.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -euf
+
+nl='
+'
+
+readonly isp_cert_dir='/home/httpd-cert'
+readonly le_live_dir='/etc/letsencrypt/live'
+
+user_certs="$(find "$isp_cert_dir" -type f -name '*.crt')"
+IFS="$nl"
+for c in $user_certs; do
+ d="$(basename "$c" .crt)"
+ k="${c%.crt}.key"
+ le_d="${le_live_dir}/$d"
+ if [ "$d" = 'dress-code.su' ]; then
+ continue
+ fi
+ if [ -d "$le_d" ]; then
+ fullchain="${le_d}/fullchain.pem"
+ privkey="${le_d}/privkey.pem"
+ if ! diff -q "$fullchain" "$c" >/dev/null; then
+ cp -L -v "$fullchain" "$c"
+ cp -L -v "$privkey" "$k"
+ fi
+ fi
+done
diff --git a/systemd/cert_renew.target b/systemd/cert_renew.target
new file mode 100644
index 0000000..a968938
--- /dev/null
+++ b/systemd/cert_renew.target
@@ -0,0 +1,12 @@
+[Unit]
+Description=Renew isp certificates
+# Uncomment 'WantedBy=cert_renew.target' in 'certbot.service' and
+# 'le_isp_update.service' for # this to work.
+#StopWhenUnneeded=true
+
+# Or use 'BindsTo'. But this requires 'Type=simple' or 'Type=exec' in
+# 'le_isp_update.service'.
+BindsTo=le_isp_update.service
+
+[Install]
+Also=certbot.service le_isp_update.service
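Review bot: The private-key copy `cp -L -v "$privkey" "$k"` is gated only on the certificate comparison and runs after `$c` has already been replaced, so if it fails (the script stops under `set -e`) the next run finds `$c` identical and never repairs the stale key, leaving a certificate/key mismatch. Compare the key as well, e.g. `if ! diff -q "$fullchain" "$c" >/dev/null || ! diff -q "$privkey" "$k" >/dev/null; then`, or write both files to temporary names and rename them into place. The key file is also created with whatever umask the caller provides, and `$k` is not vetted the way `find -type f` vets `$c`. If anything under `/home/httpd-cert` is writable by non-root accounts (not visible in this commit), a `umask 077` near `set -euf` and skipping a `$k` that is a symlink (`[ -L "$k" ] && continue`) would be prudent.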
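Review bot: The comment above `#StopWhenUnneeded=true` in `cert_renew.target` has a stray `#` left over from re-wrapping ("for # this to work") and no longer matches the rest of the commit: it asks for `WantedBy=cert_renew.target` to be uncommented in `certbot.service`, while the drop-in added here already ships that line uncommented. Suggest `# 'le_isp_update.service' for this to work.` plus one sentence saying that the `BindsTo=` variant is the active one. `Also=` names `le_isp_update.service`, whose `[Install]` section is commented out in this commit, so enabling the target presumably installs nothing for that unit; worth confirming that this is intended.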
diff --git a/systemd/certbot.service.d/cert_renew.conf b/systemd/certbot.service.d/cert_renew.conf
new file mode 100644
index 0000000..a306391
--- /dev/null
+++ b/systemd/certbot.service.d/cert_renew.conf
@@ -0,0 +1,6 @@
+# Config to work with 'cert_renew.target'.
+#[Service]
+#ExecStart=/bin/sh -c 'echo /usr/bin/certbot -q renew "$(date)" >> /root/1.tmp'
+
+[Install]
+WantedBy=cert_renew.target
diff --git a/systemd/certbot.timer.d/cert_renew.conf b/systemd/certbot.timer.d/cert_renew.conf
new file mode 100644
index 0000000..fc8e5c9
--- /dev/null
+++ b/systemd/certbot.timer.d/cert_renew.conf
@@ -0,0 +1,9 @@
+# Config to work with 'cert_renew.target'.
+[Timer]
+#OnCalendar=
+#OnCalendar=*-*-* *:*:00
+#RandomizedDelaySec=0
+Unit=cert_renew.target
+
+[Install]
+Also=cert_renew.target
diff --git a/systemd/le_isp_update.service b/systemd/le_isp_update.service
new file mode 100644
index 0000000..c918cdf
--- /dev/null
+++ b/systemd/le_isp_update.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Copy renewed certificates to ISP
+Requires=certbot.service
+After=certbot.service
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/le_isp_update.sh
+
+# For use with 'StopWhenUnneeded=true' in 'cert_renew.target'.
+#[Install]
+#WantedBy=cert_renew.target
--
2.20.1
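Review bot: The commented-out `ExecStart=` in `certbot.service.d/cert_renew.conf` is leftover debug scaffolding that appends to `/root/1.tmp`, and it would not behave as it reads if someone uncommented it. A drop-in `ExecStart=` is added to the packaged command list unless an empty `ExecStart=` line precedes it, and for a service that is not `Type=oneshot` the extra entry is rejected. Either drop the commented `[Service]` block or annotate it, e.g. `# debug only: needs an empty 'ExecStart=' first to replace the packaged command`. The commented `OnCalendar=*-*-* *:*:00` and `RandomizedDelaySec=0` lines in `certbot.timer.d/cert_renew.conf` are the same kind of test setting and deserve the same treatment.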
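Review bot: `ExecStart=/usr/local/bin/le_isp_update.sh` in `le_isp_update.service` runs with the full default privileges of a system service, although the script only reads `/etc/letsencrypt/live` and writes under `/home/httpd-cert`. Adding `UMask=0077`, `ProtectSystem=strict` and `ReadWritePaths=/home/httpd-cert` to `[Service]` would keep newly created key files owner-only and confine writes to the one directory the script touches; `NoNewPrivileges=yes` is a cheap further addition. Nothing in this unit reloads the web server after the copy, so unless that happens elsewhere (not visible in this commit) renewed certificates will not be served until the next restart.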