Currently, my Virtualmin is pulling a Wildcard LE Cert for my domain. That cert is then passed to other platforms by a scheduled CRON job that calls a script that pushes them to the other devices once a week.
Is it possible to trigger the push script as a post-hook action when the LE cert renews? This would be more efficient than having a CRON job called every week, when the cert renews once every 3 months or so.
Yes, for example:
This looks like it will attempt to run any time any Virtual Server is updated. How can I script it so that when a specific server has it’s SSL cert renewed, it calls two external scripts?
(I was originally hoping I could just add a post-hook to the Acme LE script, but it looks like that’s not an option?)
You check to see what changed in your script. That’s shown in the example code.
This line:
if [ "$VIRTUALSERVER_ACTION" = "SSL_DOMAIN" ]; then
That handles the SSL part, but not the specific domain question.
I looked through the documentation, this is my stab at limiting the action to a single domain’s SSL renewal:
if [ "$VIRTUALSERVER_ACTION" = "SSL_DOMAIN" ]; then
if ["$VIRTUALSERVER_DOM" = "aiskon.net"]; then
/root/scripts/deploy-freenas/deploy-freenas.py
/root/scripts/copy-cert.sh
fi
fi
Would this work to call the two scripts, but only for the one domain?
Yes, that looks right, based on my recollection.
You can make it log what it’s doing (just echo whatever info you want to a file, so you can see when it runs and what info it has when it runs). You can print the whole environment to see what all the variables are set to, or whatever specific variables you care about.