Add support for renewal hook scripts
andrew-vant committed Dec 6, 2017
1 parent c968831 commit 5fed2b1
Showing 2 changed files with 33 additions and 0 deletions.
16 changes: 16 additions & 0 deletions README.rst
Expand Up @@ -191,6 +191,22 @@ You are able to use multidomain certificates:
- awk.opensource-expert.com
- www.awk.opensource-expert.com
You can add renewal hooks if needed; these can be useful for services that
don't run as root, to move certs somewhere they can access:

.. code-block:: yaml
letsencrypt:
client:
hooks:
pre:
- salt://path/to/prehook1.sh
- salt://path/to/prehook2.sh
deploy:
- salt://path/to/deployhook1.sh
post:
- salt://path/to/posthook1.sh
Legacy configuration
--------------------
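
Review bot: The new README paragraph and YAML example do not say which keys under hooks are accepted or how the listed scripts end up on the minion. Going by the init.sls change in this same commit, each source is rendered with template: jinja and written to /etc/letsencrypt/renewal-hooks/<hookset>/ under its basename with mode 700, so the README should state that only pre, deploy and post are meaningful, that a script containing a literal {{ or {% has to escape it, and that two hooks with the same filename in one hook set land on the same path. Since the stated use case is moving certs to where a non-root service can read them, a sentence telling readers to set restrictive ownership and mode on the copied private key in their deploy hook would fit here too.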

17 changes: 17 additions & 0 deletions letsencrypt/client/init.sls
Expand Up @@ -107,4 +107,21 @@ certbot_cron:
{%- endif %}
{%- for hookset, hooks in client.get("hooks", {}).items() %}
{%- for hook in hooks %}
{#- FIXME: Should probably complain if something other than
pre/post/deploy is given, but I'm not sure how. #}
certbot_renewal_{{ hookset }}_hook_{{ loop.index }}:
file.managed:
- name: /etc/letsencrypt/renewal-hooks/{{ hookset }}/{{ hook.split("/") | last }}
- source: {{ hook }}
- template: jinja
- mode: 700
- require:
- cmd: certbot_installed
{%- endfor %}
{%- endfor %}
{%- endif %}
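
Review bot: hookset comes straight from the pillar keys and is interpolated unchecked into the target path on the "- name:" line, so any key other than pre, deploy or post (the case the FIXME mentions) installs a mode 700 script into a directory certbot never reads, and a key containing "/" or ".." puts it outside renewal-hooks altogether. Instead of trying to complain, iterate over the fixed set, for example {%- for hookset in ("pre", "deploy", "post") %} with client.get("hooks", {}).get(hookset, []) as the inner loop source, which removes the need for the FIXME. Two smaller points on the same state: hook.split("/") | last means two sources with the same basename in one hook set manage the same path and one overwrites the other, so either document that or derive the name from loop.index as the state ID already does; and file.managed has no makedirs: True, so the state fails if the renewal-hooks/<hookset> directory does not exist yet when it runs.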
