SSL Let's Encrypt Hooks

check_letsencrypt_expiries_post.sh

This script is called after the nightly Let's Encrypt renewal checks.

Environment variables

  • renewed (0|1): 1 means something was renewed and Apache needs to be reloaded

letsencrypt_(pre|post).sh

These custom scripts are called before and after letsencrypt.sh runs.

Environment variables

  • acme-challenge-dir: location of the acme-challenge directory for domain validation
  • username: owner of domain
  • domain: target domain
  • action (request|renew|revoke): Let's Encrypt action
  • keysize: key size passed to letsencrypt.sh

The hook letsencrypt_post.sh also has:

  • exit_code: exit code of letsencrypt.sh
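
An added example, not DirectAdmin's own code: a letsencrypt_post.sh that writes one audit line per Let's Encrypt action from the variables listed above, so failed or unexpected requests can be reviewed later. The log path LE_AUDIT_LOG and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Hypothetical letsencrypt_post.sh: audit-log every Let's Encrypt action.
# Reads the hook variables: username, domain, action, keysize, exit_code.
# LE_AUDIT_LOG is an assumed path for this example, not a DirectAdmin setting.
LE_AUDIT_LOG="${LE_AUDIT_LOG:-/var/log/letsencrypt_hook_audit.log}"

# Keep only characters expected in user names, host names and key sizes,
# so a crafted value cannot inject spaces, newlines or extra key=value
# pairs into the log line.
le_clean() {
	printf '%s' "$1" | tr -cd 'A-Za-z0-9._*-'
}

# Build one log line from the hook environment.
le_audit_line() {
	# Only the three documented actions are accepted verbatim.
	case "$action" in
		request|renew|revoke) act="$action" ;;
		*) act="unknown" ;;
	esac
	# exit_code 0 is success; empty or non-numeric is reported as unknown.
	case "$exit_code" in
		0) result="ok" ;;
		''|*[!0-9]*) result="unknown" ;;
		*) result="failed" ;;
	esac
	printf 'le_hook result=%s action=%s user=%s domain=%s keysize=%s exit_code=%s\n' \
		"$result" "$act" "$(le_clean "$username")" "$(le_clean "$domain")" \
		"$(le_clean "$keysize")" "$(le_clean "$exit_code")"
}

# Append the line with a UTC timestamp; a logging problem never fails the hook.
le_audit_write() {
	umask 077
	printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(le_audit_line)" \
		>> "$LE_AUDIT_LOG" 2>/dev/null || true
}

# Only write when called as a hook, i.e. when an action is set.
if [ -n "${action:-}" ]; then
	le_audit_write
fi
```
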

ssl_save_(pre|post).sh

These hooks are called before and after an SSL certificate is saved.

Environment variables

  • username: user
  • domain: domain.com
  • type (server|create|paste): type of data saved
    • server: domain uses server certificate
    • paste: paste certificate data. This also includes:
      • certificate: private key and certificate separated by a line
    • create: create a self-signed certificate, a certificate request, or a Let's Encrypt certificate. This also includes:
      • keysize: key size used
      • encryption: which encryption algorithm is used
      • request (yes|no|letsencrypt): make a certificate request (yes), make a Let's Encrypt request (letsencrypt), or create a self-signed certificate (no)
        • for a self-signed certificate or a certificate request, certificate data is provided:
          • country
          • province
          • city
          • company
          • division
          • name
          • email
        • for Let's Encrypt certificate:
          • wildcard (yes|no): create a wildcard Let's Encrypt certificate
          • le_select[X]: domain names to include in the certificate. The le_wc_select[X] format is used when a Let's Encrypt wildcard is selected

Examples

Reloading Apache via check_letsencrypt_expiries_post.sh if restart_apache_after_tally=0 is set

Note that Apache is already restarted after the nightly tally, so this action isn't needed UNLESS you specifically set:

restart_apache_after_tally=0

in which case you'd need something like:

#!/bin/sh
if [ "$renewed" = "1" ]; then
	echo "action=httpd&value=reload&affect_php_fpm=no" >> /usr/local/directadmin/data/task.queue
fi
exit 0;

saved as /usr/local/directadmin/scripts/custom/check_letsencrypt_expiries_post.sh. Correct the permissions and ownership:

chmod 700 /usr/local/directadmin/scripts/custom/check_letsencrypt_expiries_post.sh
chown diradmin: /usr/local/directadmin/scripts/custom/check_letsencrypt_expiries_post.sh

However, not restarting after a tally means that any suspended Users might not have their configs set correctly, so we cannot really recommend restart_apache_after_tally=0 unless you have other checks that trigger restarts of everything that needs one.

Last Updated: 6/23/2021, 9:36:08 PM