certbot-*-hook.sh: use CERTBOT_DOMAIN

2025-03-15 14:59:36 +01:00 · 2025-03-15 14:59:36 +01:00 · 6000b2606e
commit 6000b2606e
parent 85ecbef470
3 changed files with 24 additions and 20 deletions
--- a/conf/certbot-deploy-hook.sh
+++ b/conf/certbot-deploy-hook.sh
@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -euo pipefail

 domains=(${RENEWED_DOMAINS-})
@ -10,21 +10,21 @@ if [ ! ${#domains[@]} -eq 1 ]; then
 	chown root:nginx /etc/letsencrypt/live/*/
 	chmod u=rwX,g=rX,o= /etc/letsencrypt/live/*/
 else
-	cert_name=${domains[0]}
+	cert_name="${domains[0]}"

-	cert_dir_archive=/etc/letsencrypt/archive/${cert_name}/
-	if [ -d ${cert_dir_archive} ]; then
-		chown -R root:nginx ${cert_dir_archive}
-		chmod -R u=rwX,g=rX,o= ${cert_dir_archive}
+	cert_dir_archive=/etc/letsencrypt/archive/"${cert_name}"/
+	if [ -d "${cert_dir_archive}" ]; then
+		chown -R root:nginx "${cert_dir_archive}"
+		chmod -R u=rwX,g=rX,o= "${cert_dir_archive}"
 	else
 		echo "${cert_dir_archive} doesn't exist" > /dev/stderr
 		exit 1
 	fi

-	cert_dir_live=/etc/letsencrypt/live/${cert_name}/
-	if [ -d ${cert_dir_live} ]; then
-		chown root:nginx ${cert_dir_live}
-		chmod u=rwX,g=rX,o= ${cert_dir_live}
+	cert_dir_live=/etc/letsencrypt/live/"${cert_name}"/
+	if [ -d "${cert_dir_live}" ]; then
+		chown root:nginx "${cert_dir_live}"
+		chmod u=rwX,g=rX,o= "${cert_dir_live}"
 	else
 		echo "${cert_dir_live} doesn't exist" > /dev/stderr
 		exit 1
--- a/conf/certbot-dns-challenge-hook.sh
+++ b/conf/certbot-dns-challenge-hook.sh
@ -1,6 +1,8 @@
-#!/bin/bash
-set -euo pipefail
+#!/usr/bin/env sh
+set -eu

-knotc zone-begin servnest.example.
-knotc zone-set servnest.example. _acme-challenge.ht.servnest.example. 60 IN TXT $CERTBOT_VALIDATION
-knotc zone-commit servnest.example.
+PARENT="${CERTBOT_DOMAIN#*.}"
+
+knotc zone-begin "$PARENT".
+knotc zone-set "$PARENT". _acme-challenge."$CERTBOT_DOMAIN". 60 IN TXT "$CERTBOT_VALIDATION"
+knotc zone-commit "$PARENT".
--- a/conf/certbot-dns-cleanup-hook.sh
+++ b/conf/certbot-dns-cleanup-hook.sh
@ -1,6 +1,8 @@
-#!/bin/bash
-set -euo pipefail
+#!/usr/bin/env sh
+set -eu

-knotc zone-begin servnest.example.
-knotc zone-unset servnest.example. _acme-challenge.ht.servnest.example. 60 IN TXT $CERTBOT_VALIDATION
-knotc zone-commit servnest.example.
+PARENT="${CERTBOT_DOMAIN#*.}"
+
+knotc zone-begin "$PARENT".
+knotc zone-unset "$PARENT". _acme-challenge."$CERTBOT_DOMAIN". 60 IN TXT "$CERTBOT_VALIDATION"
+knotc zone-commit "$PARENT".