add deploy tools

sbin/letsencrypt-deploy.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# letsencrypt-tools
+# https://git.stack-source.com/msb/letsencrypt-tools
+# Copyright (c) 2023 Matthew Saunders Brown <matthewsaundersbrown@gmail.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+#
+# must be root
+if [ "$USER" != "root" ]; then
+  exec sudo -u root $0 $@
+fi
+
+if [[ -d /var/tmp/letsencrypt/ ]]; then
+  domainArray=(`ls -1 /var/tmp/letsencrypt/`)
+  for domain in "${domainArray[@]}"
+  do
+    rm /var/tmp/letsencrypt/$domain
+    if /usr/local/bin/letsencrypt-certonly.sh -d $domain ; then
+      if [[ "$domain" =~ ^mail.* ]]; then
+        vmaildomain="${domain/mail./}"
+        if [[ -d /var/vmail/$vmaildomain ]]; then
+          /usr/local/bin/vmail-dovecot-enable.sh -d $domain
+          /usr/local/bin/vhost-enable.sh -d $domain -m VMailHTTPS
+        fi
+      elif [[ -d /srv/www/$domain ]]; then
+        /usr/local/bin/vhost-enable.sh -d $domain -m VHostHTTPS
+      fi
+    fi
+    # add code to check for aliases and redirects?
+    # run once and exit, script will be restarted if additional domains are still queued for cert deployment
+    exit 0
+  done
+fi
+

systemd/letsencrypt-deploy.path

@@ -0,0 +1,13 @@
+[Unit]
+Description="Monitor /var/tmp/letsencrypt/ for cert names to deploy."
+After=apache2.service
+
+[Path]
+# TriggerLimitIntervalSec=60 - not available until next version of systemd (250)
+MakeDirectory=true
+DirectoryMode=0777
+DirectoryNotEmpty=/var/tmp/letsencrypt
+Unit=letsencrypt-deploy.service
+
+[Install]
+WantedBy=multi-user.target

systemd/letsencrypt-deploy.service

@@ -0,0 +1,7 @@
+[Unit]
+Description="Deploy Let's Encrypt Certificate"
+ConditionDirectoryNotEmpty=/var/tmp/letsencrypt
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/letsencrypt-deploy.sh