Bug 213163
| Summary: | [patch] security/acme-client: Support integrated renew/deploy script. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Peter Jeremy <peterj> | ||||
| Component: | Individual Port(s) | Assignee: | Bernard Spil <brnrd> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | Keywords: | patch | ||||
| Priority: | --- | Flags: | bugzilla:
maintainer-feedback?
(brnrd) |
||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
A commit references this bug: Author: brnrd Date: Sat Oct 8 13:36:14 UTC 2016 New revision: 423507 URL: https://svnweb.freebsd.org/changeset/ports/423507 Log: security/acme-client: Fixes for periodic script - Fix domains and client-args variable typos [1] - Don't display deploy messages when deploy-script unset[2] PR: 213162 [1], 213163 [2] Submitted by: peterj Changes: head/security/acme-client/files/000.acme-client.sh.in |
Created attachment 175373 [details] Support disabling deployment stage. The acme-client periodic script supports separate renew and deploy scripts but does not support an integrated renew/deploy script. The latter makes sense because acme-client provides a return code to indicate whether a certificate was updated but this information is not available to a separate deploy script. Whilst it's possible to include deploy actions in the renew script, the periodic script always produces a "Deploying Let's Encrypt certificates" message and complains if no deploy script is defined. The latter can be disabled by setting weekly_acme_client_deployscript to a dummy value (eg /usr/bin/true) but the former is misleading if the deployment is part of the renew script. The attached patch supports setting weekly_acme_client_deployscript to "no" as an indication that the deployment section should be skipped.