A dehydrated (ACME client) integration on SME Server
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

43 lines
1.2 KiB

#!/usr/bin/perl -w
# vim: ft=perl:
use strict;
use esmith::DomainsDB;
use esmith::event;
my $d = esmith::DomainsDB->open or die "Couldn't open the domain database\n";
my @domains = ();
# Build a list of domains for which we disable ACME challenge proxypass
# but only during execution of letsencrypt
# This is usefull for situations where you have a https website directly reachable
# from your internal network, but going through a proxypass from the outside. In this case
# both the backend and the frontend needs to have a valid certificate for this name
foreach my $dom ($d->domains, $d->get_all_by_prop(type => 'vhost')){
if (($dom->prop('ProxyPassACMEChallengesDisableOnRenew') || 'no') =~ m/^yes|enabled|1|on$/){
push @domains, $dom;
}
}
# Now, temporarily disable ACME chellenge proxypass
if (@domains > 0){
foreach my $dom (@domains){
$dom->set_prop('ProxyPassACMEChallenges', 'disabled');
}
event_signal("letsencrypt-update");
}
# Execute the real dehydrated script, passing any arg
system("/usr/bin/dehydrated", @ARGV);
# Enable proxypass again
if (@domains > 0){
foreach my $dom (@domains){
$dom->set_prop('ProxyPassACMEChallenges', 'enabled');
}
event_signal("letsencrypt-update");
}