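#!/usr/bin/perl -w
# vim: ft=perl:

# Wrapper around /usr/bin/letsencrypt.sh.
#
# For every domain or vhost flagged with ProxyPassACMEChallengesDisableOnRenew,
# the ProxyPassACMEChallenges property is set to 'disabled' while the real
# letsencrypt script runs, then set back to 'enabled'. The configuration is
# regenerated through the "letsencrypt-update" event before and after the run.
# The wrapper exits with the status of the wrapped script, so that a failed
# renewal is visible to whatever scheduled it.

use strict;
use esmith::DomainsDB;
use esmith::event;

my $d = esmith::DomainsDB->open or die "Couldn't open the domain database\n";
my @domains = ();

# Build a list of domains for which we disable ACME challenge proxypass,
# but only during execution of letsencrypt.
# This is useful for situations where you have an https website directly
# reachable from your internal network, but going through a proxypass from
# the outside. In this case both the backend and the frontend need to have
# a valid certificate for this name.
foreach my $dom ($d->domains, $d->get_all_by_prop(type => 'vhost')){
    my $flag = $dom->prop('ProxyPassACMEChallengesDisableOnRenew') || 'no';
    # The alternation is grouped so that both anchors apply to every branch.
    # Without the group, /^yes|enabled|1|on$/ also matched values such as
    # "10" or "yesterday", and the challenge proxy was then switched off for
    # domains that never asked for it.
    push @domains, $dom if $flag =~ m/^(?:yes|enabled|1|on)$/;
}

# Now, temporarily disable ACME challenge proxypass
if (@domains > 0){
    $_->set_prop('ProxyPassACMEChallenges', 'disabled') for @domains;
    event_signal("letsencrypt-update")
        or warn "letsencrypt-update event failed while disabling ACME challenge proxypass\n";
}

# Execute the real letsencrypt script, passing any arg.
# List-form system() is used, so @ARGV never goes through a shell.
# NOTE(review): if this wrapper is killed while the child runs, the
# properties set above stay 'disabled' - confirm whether a signal handler
# that restores them is wanted.
my $status    = system("/usr/bin/letsencrypt.sh", @ARGV);
my $sys_error = "$!";    # copied now, before later calls can overwrite $!

# Enable proxypass again, whatever the outcome of the renewal.
# NOTE(review): the property is forced to 'enabled' rather than restored to
# the value it had before the run - confirm that this is intended.
if (@domains > 0){
    $_->set_prop('ProxyPassACMEChallenges', 'enabled') for @domains;
    event_signal("letsencrypt-update")
        or warn "letsencrypt-update event failed while re-enabling ACME challenge proxypass\n";
}

# Report how the wrapped script ended instead of always exiting 0.
my $exit_code;
if ($status == -1){
    warn "Couldn't execute /usr/bin/letsencrypt.sh: $sys_error\n";
    $exit_code = 1;
}
elsif ($status & 127){
    warn sprintf("/usr/bin/letsencrypt.sh died with signal %d\n", $status & 127);
    $exit_code = 128 + ($status & 127);
}
else {
    $exit_code = $status >> 8;
}
exit $exit_code;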