[Letsencrypt-devel] Bug#827371: letsencrypt.sh: Use hook.d folder?

Elrond elrond+bugs.debian.org at samba-tng.org
Wed Jun 15 18:25:47 UTC 2016


On Wed, Jun 15, 2016 at 16:06:40 +0000, Mattia Rizzolo wrote:
> On Wed, Jun 15, 2016 at 02:21:34PM +0200, Elrond wrote:
> > I am starting to test hook scripts to deploy the
> > certificates into appropriate places. One idea I got while
> > doing that: Have a hook.d folder with scripts that get all
> > executed.
> 
> mmh
> 
> > What do you think?
> 
> I don't know, this looks so weird to me.
> Considering how hooks are handled¹, I wouldn't know how this could be
> of any use.
> 
> What's your use case for doing such a thing?
> 
> 
> ¹ pretty much like Debian's maintainer scripts, where dpkg calls the
> script with an action (upgrade/purge/remove/install/...) and some
> parameters


Right, the hook script is called in different phases of the
system. For example before publishing the challenge. And
also after receiving the final certificate.

Especially after receiving the final certificate, daemons
need to be restarted to load the new certificate. So I plan
to have something like "80-restart-lighttpd" as one hook
script with something like

	[ "$1" = "deploy_cert" ] && service lighttpd restart

in it.

If people want to use dns-01 challenges, they need a hook
script to put the challenge on the DNS server. With one
global big hook script this might quickly become
unmaintainable.

That's basically why I started to invent the hook.d thing.

Could you explain why this looks weird to you?


Cheers

    Elrond
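
A sketch of the hook.d dispatcher discussed in this message, as an added example that is not part of the original e-mail or of letsencrypt.sh. It would be installed as the single hook script and forwards the operation and its parameters to every script in the directory; the names `run_hook_dir` and `HOOK_DIR` and the `./hook.d` default are assumptions.

```shell
#!/bin/sh
# Added example: run every script in a hook.d directory with the hook's arguments.
# run_hook_dir, HOOK_DIR and the ./hook.d default are hypothetical names.

# run_hook_dir DIR OPERATION [PARAMS...]
# Runs DIR/* in lexical order; stops at the first failing script and
# returns its exit status so the caller notices a failed deployment.
run_hook_dir() {
    dir=$1; shift
    [ -d "$dir" ] || return 0
    for hook in "$dir"/*; do
        name=${hook##*/}
        # run-parts style names only: skips *.bak, *.dpkg-old, editor backups
        # (also skips the literal '*' left by an empty directory).
        case $name in
            *[!A-Za-z0-9_-]*) continue ;;
        esac
        [ -f "$hook" ] && [ -x "$hook" ] || continue
        # Hooks receive key and certificate paths and usually run as root,
        # so refuse any script that group or others could have modified.
        if [ -n "$(find -L "$hook" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "skipping $hook: group- or world-writable" >&2
            continue
        fi
        "$hook" "$@" || {
            rc=$?
            echo "hook $name failed with status $rc during '$1'" >&2
            return "$rc"
        }
    done
    return 0
}

# When called as the hook script, forward the operation and its parameters.
if [ "$#" -gt 0 ]; then
    run_hook_dir "${HOOK_DIR:-./hook.d}" "$@" || exit $?
fi
```

Because this dispatcher stops at the first non-zero exit, a script consisting only of `[ "$1" = "deploy_cert" ] && ...` would abort the run in every other phase; an `if` or `case` that exits 0 for unhandled operations avoids that.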


