Add hook for unchanged certificates.

diff --git a/hook.sh.example b/hook.sh.example
index 41d32a092028ed4adab1ed60b34e150b9758cd03..3381682dae3968deaab3fedc4afcfab39ec330f6 100644 (file)
--- a/hook.sh.example
+++ b/hook.sh.example
@@ -52,4 +52,24 @@ function deploy_cert {
     #   The path of the file containing the intermediate certificate(s).
 }
 
+function unchanged_cert {
+    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
+
+    # This hook is called once for each certificate that is still
+    # valid and therefore wasn't reissued.
+    #
+    # Parameters:
+    # - DOMAIN
+    #   The primary domain name, i.e. the certificate common
+    #   name (CN).
+    # - KEYFILE
+    #   The path of the file containing the private key.
+    # - CERTFILE
+    #   The path of the file containing the signed certificate.
+    # - FULLCHAINFILE
+    #   The path of the file containing the full certificate chain.
+    # - CHAINFILE
+    #   The path of the file containing the intermediate certificate(s).
+}
+
 HANDLER=$1; shift; $HANDLER $@

diff --git a/letsencrypt.sh b/letsencrypt.sh
index 99f559206e29f6f9b7d1d05262d825f0026668c3..fe901459a201319a67c80afa29c756116a1a004f 100755 (executable)
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -598,7 +598,9 @@ command_sign_domains() {
         if [[ "${force_renew}" = "yes" ]]; then
           echo "Ignoring because renew was forced!"
         else
-          echo "Skipping!"
+          # Certificate-Names unchanged and cert is still valid
+          echo "Skipping renew! Calling unchanged-hook."
+          [[ -n "${HOOK}" ]] && "${HOOK}" "unchanged_cert" "${domain}" "${BASEDIR}/certs/${domain}/privkey.pem" "${BASEDIR}/certs/${domain}/cert.pem" "${BASEDIR}/certs/${domain}/fullchain.pem" "${BASEDIR}/certs/${domain}/chain.pem"
           continue
         fi
       else