| author | Lexi Winter <ivy@FreeBSD.org> | 2025-06-03 13:45:29 +0100 |
|---|---|---|
| committer | Lexi Winter <ivy@FreeBSD.org> | 2025-06-03 13:45:29 +0100 |
| commit | 377879d3a4b28ff57b19fc9cba6fa0a2152cb3b2 (patch) | |
| tree | c62f14f4ceba25b2221b666798a6e9e29ec642c9 | |
| parent | 04f8eee3481a09ff5ecb38d6260d12fd075b72d7 (diff) | |
use the correct config dir in hook scripts
| -rw-r--r-- | domains.conf.5 | 5 | ||||
| -rw-r--r-- | init.sh | 15 | ||||
| -rw-r--r-- | lfacme-renew.sh | 3 |
3 files changed, 18 insertions, 5 deletions
diff --git a/domains.conf.5 b/domains.conf.5 index 0f587e7..ba65610 100644 --- a/domains.conf.5 +++ b/domains.conf.5 @@ -106,6 +106,11 @@ A certificate has been issued or renewed. .Pp The following environment variables will be set when running the hook script: .Bl -tag -width LFACME_CERTFILE +.It Sy LFACME_CONFDIR +The +.Nm lfacme +configuration directory, e.g. +.Pa /usr/local/etc/lfacme . .It Sy LFACME_CERT The identifier of the certificate, i.e. the first field in .Nm . @@ -27,10 +27,16 @@ _BASEDIR="/usr/local" _SHARE="${_BASEDIR}/share/lfacme" _CHALLENGE="${_SHARE}/challenge" -# Our configuration directory. This might be overridden by command-line -# arguments. +# Our configuration directory. If $_CONFDIR is already set, then the script +# wants to provide its own config directory, probably from a command line +# argument. Otherwise if $LFACME_CONFDIR is set, we're running in a hook +# script, so use that as the config directory. Otherwise, use the default. if [ -z "$_CONFDIR" ]; then - _CONFDIR="${_BASEDIR}/etc/lfacme" + if ! [ -z "$LFACME_CONFDIR" ]; then + _CONFDIR="$LFACME_CONFDIR" + else + _CONFDIR="${_BASEDIR}/etc/lfacme" + fi fi # Our configuration file. @@ -70,7 +76,8 @@ _UACME_DIR="${ACME_DATADIR}/certs" _UACME=/usr/local/bin/uacme _uacme() { - "$_UACME" -a "$ACME_URL" -c "$_UACME_DIR" "$@" + env "LFACME_CONFDIR=${_CONFDIR}" \ + "$_UACME" -a "$ACME_URL" -c "$_UACME_DIR" "$@" } # Find a challenge script and make sure it's valid. If the challenge name diff --git a/lfacme-renew.sh b/lfacme-renew.sh index b9ebb38..f7878e6 100644 --- a/lfacme-renew.sh +++ b/lfacme-renew.sh @@ -214,7 +214,8 @@ _docert() { # otherwise, exit code is 0 which means we (re)issued the cert, # so run the hooks. for hook in $_rhooks; do - env "LFACME_CERT=${identifier}" \ + env "LFACME_CONFDIR=${_CONFDIR}" \ + "LFACME_CERT=${identifier}" \ "LFACME_KEYFILE=${keyfile}" \ "LFACME_CERTFILE=${certfile}" \ $hook newcert |
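Review bot: The new fallback in init.sh (hunk `@@ -27,10 +27,16 @@`) trusts `$LFACME_CONFDIR` from the environment whenever `$_CONFDIR` is unset, and nothing in the check establishes that the script is actually running as a hook. A top-level command started without a config-dir argument, but with that variable inherited (for example through a sudo or doas rule that keeps the environment, or a wrapper that exports it), will silently use a different configuration directory. What the tool reads or executes from that directory is not visible in this hunk, so the impact is an assumption to confirm. I would either document the variable as a supported override for all commands, or have the non-hook entry points clear it before sourcing init.sh, and in both cases fail with an error when the value is not an existing directory. As a point of style, `if [ -n "$LFACME_CONFDIR" ]; then` reads more directly than `if ! [ -z "$LFACME_CONFDIR" ]; then`.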
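Review bot: `_uacme` (init.sh hunk `@@ -70,7 +76,8 @@`) now exports `$_CONFDIR` verbatim as `LFACME_CONFDIR`, so a relative directory given on the command line reaches hook programs that may run with a different working directory and resolve it to another location. The same applies to the `env` call added to the hook loop of `_docert` in lfacme-renew.sh. Whether uacme or the hooks change directory is not visible here, so this is a precaution: making `_CONFDIR` absolute once in init.sh, right after it is chosen, would cover both exports. A comment above `_uacme` such as `# Pass our config dir to hooks started by uacme, so that init.sh picks the same one.` would record why the wrapper goes through `env`. `_docert` starts and ends outside its hunk.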
