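#!/usr/bin/env bash
#
# Install renewed TLS certificates for this snap.
#
# Reads the configured domain, finds the matching directory of GPG-encrypted
# files under CERTS_DIR, decrypts every "*.gpg" file into SSL_DIR and restarts
# "${SNAP_NAME}.hass" when at least one decrypted file differs from the copy
# that is already installed.
#
# UUID, CERTS_DIR, SSL_DIR, gpg_start_agent and gpg_close_agent are not defined
# in this file; they are expected to come from "${SNAP}/init" (not visible
# here).

# shellcheck source=/dev/null
source "${SNAP}/init"

# Check the effective UID instead of ${USER}: the variable is inherited from
# the caller's environment and need not match the identity the process runs as
# (for example after a non-login "su").
if [ "$(id -u)" -ne 0 ]; then
  echo "Run as root!"
  exit 1
fi

DOMAIN=$(snapctl get domain)

echo "See log (journal -exf --grep=${SNAP_NAME}) for result"

if [ "${DOMAIN}" != "--not-set" ]; then
  # Without the "certs" interface there is nothing to read from; reset the
  # domain so later runs do not keep trying.
  if ! snapctl is-connected certs; then
    logger "${SNAP_NAME} is disconnected (uuid: ${UUID})"
    logger "${SNAP_NAME} domain set to '--not-set'"
    logger "See snap 'acme-sh' and connect acme-sh:certs"
    snapctl set domain="--not-set"
    exit 0
  fi

  # NOTE(review): find -name treats ${DOMAIN} as a glob pattern, so a value
  # containing wildcard characters can match more than one directory. Only the
  # first match is used below.
  readarray -d '' DOMAINS < <(find "${CERTS_DIR}" -type d -name "${DOMAIN}" -print0)
  logger "Certificate (${DOMAIN}) available for ${SNAP_NAME}:${UUID}"

  if [ "${#DOMAINS[@]}" -ne 0 ]; then
    DOMAIN_DIR="${DOMAINS[0]}"
    gpg_start_agent

    # ".time" holds the last-renewal marker; a missing file counts as epoch 0.
    LAST_EDITED=$(stat --format="%Y" "${DOMAIN_DIR}/.time" 2> /dev/null || echo 0)
    ORIG_EDITED=$(stat --format="%Y" "${SSL_DIR}/.time" 2> /dev/null || echo 0)
    if [ "${LAST_EDITED}" -le "${ORIG_EDITED}" ]; then
      logger "Certificate for ${DOMAIN} is not changed, exiting"
      # The agent was already started above; stop it on this exit path too.
      gpg_close_agent
      exit 0
    fi

    readarray -d '' CERTIFICATES < <(find "${DOMAIN_DIR}" -type f -name "*.gpg" -print0)

    # Phase 1: decrypt everything next to its destination ("<name>.new")
    # without touching the installed files. If any file fails to decrypt,
    # nothing is installed, so the service never sees a partially updated set.
    # NOTE(review): the decrypted files are created with the process umask and
    # may include private keys - confirm SSL_DIR is not readable by
    # unprivileged users.
    FAILED=0
    for CERTIFICATE in "${CERTIFICATES[@]}"; do
      STAGED="${SSL_DIR}/$(basename -- "${CERTIFICATE}" ".gpg").new"
      if ! gpg --batch --yes --output "${STAGED}" --decrypt "${CERTIFICATE}"; then
        logger "${SNAP_NAME}: failed to decrypt ${CERTIFICATE}, keeping installed certificates"
        FAILED=1
        break
      fi
    done

    # Phase 2: install the staged files that differ from the installed ones.
    CHANGED=0
    INCOMPLETE=0
    for CERTIFICATE in "${CERTIFICATES[@]}"; do
      DEST="${SSL_DIR}/$(basename -- "${CERTIFICATE}" ".gpg")"
      STAGED="${DEST}.new"

      # A decryption failure aborts the whole update: drop every staged file.
      if [ "${FAILED}" -ne 0 ]; then
        rm -f -- "${STAGED}"
        continue
      fi

      if [ -f "${DEST}" ]; then
        # Byte-for-byte comparison on the files themselves; identical content
        # needs neither a backup nor a restart.
        if diff -q -- "${DEST}" "${STAGED}" > /dev/null; then
          rm -f -- "${STAGED}"
          continue
        fi
        # Keep the previous version, preserving its mode and ownership.
        cp -pf -- "${DEST}" "${DEST}.backup" \
          || logger "${SNAP_NAME}: could not back up ${DEST}"
      fi

      # Rename within the same directory so the destination is replaced in
      # one step instead of being rewritten in place.
      if mv -f -- "${STAGED}" "${DEST}"; then
        CHANGED=$(( CHANGED + 1 ))
      else
        logger "${SNAP_NAME}: could not install ${DEST}"
        rm -f -- "${STAGED}"
        INCOMPLETE=1
      fi
    done

    if [ "${CHANGED}" -ne 0 ]; then
      # Record the renewal marker only when every file was installed, so an
      # incomplete update is retried on the next run.
      if [ "${INCOMPLETE}" -eq 0 ]; then
        cp -f "${DOMAIN_DIR}/.time" "${SSL_DIR}/.time"
      fi
      logger "Certificates (${DOMAIN}) changed for ${SNAP_NAME}-${UUID}, restart"
      snapctl restart "${SNAP_NAME}.hass"
    fi
    gpg_close_agent
  fi
fi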