|
|
#!/usr/bin/env sh
#Here is a sample custom api script. #This file name is "myapi.sh" #So, here must be a method myapi_deploy() #Which will be called by acme.sh to deploy the cert #returns 0 means success, otherwise error.
######## Public functions #####################
#domain keyfile certfile cafile fullchain strongswan_deploy() { _cdomain="$1" _ckey="$2" _ccert="$3" _cca="$4" _cfullchain="$5"
_info "Using strongswan"
if [ -x /usr/sbin/ipsec ]; then _ipsec=/usr/sbin/ipsec elif [ -x /usr/sbin/strongswan ]; then _ipsec=/usr/sbin/strongswan elif [ -x /usr/local/sbin/ipsec ]; then _ipsec=/usr/local/sbin/ipsec else _err "no strongswan or ipsec command is detected" return 1 fi
_info _ipsec "$_ipsec"
_confdir=$($_ipsec --confdir) if [ $? -ne 0 ] || [ -z "$_confdir" ]; then _err "no strongswan --confdir is detected" return 1 fi
_info _confdir "$_confdir"
_debug _cdomain "$_cdomain" _debug _ckey "$_ckey" _debug _ccert "$_ccert" _debug _cca "$_cca" _debug _cfullchain "$_cfullchain"
cat "$_ckey" >"${_confdir}/ipsec.d/private/$(basename "$_ckey")" cat "$_ccert" >"${_confdir}/ipsec.d/certs/$(basename "$_ccert")" cat "$_cca" >"${_confdir}/ipsec.d/cacerts/$(basename "$_cca")" cat "$_cfullchain" >"${_confdir}/ipsec.d/cacerts/$(basename "$_cfullchain")"
$_ipsec reload
}
|