Mirror
/
acmed
mirror of https://github.com/breard-r/acmed.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
84 Commits
12 Branches
27 Tags
2.2 MiB
Tree: 7eed211434
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7eed211434'
${ noResults }
acmed/man/en/acmed.toml.5

489 lines
15 KiB
Raw Normal View History

Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
ACMEd 0.4.0
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Allow the config file to include other files
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add the is_clean_hook variable to challenge hooks
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add the is_clean_hook variable to challenge hooks
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add the is_clean_hook variable to challenge hooks
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add the is_clean_hook variable to challenge hooks
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add the is_clean_hook variable to challenge hooks
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add the is_clean_hook variable to challenge hooks
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add the is_success variable to post-operation hooks
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Improve the http-01-echo example If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Improve the http-01-echo example If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Improve the http-01-echo example If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Improve the http-01-echo example If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Improve the http-01-echo example If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Improve the http-01-echo example If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add the is_success variable to post-operation hooks
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add the is_success variable to post-operation hooks
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
  1. .\" Copyright (c) 2019 Rodolphe Bréard <rodolphe@breard.tf>
  2. .\"
  3. .\" Copying and distribution of this file, with or without modification,
  4. .\" are permitted in any medium without royalty provided the copyright
  5. .\" notice and this notice are preserved. This file is offered as-is,
  6. .\" without any warranty.
  7. .Dd May 8, 2019
  8. .Dt ACMED.TOML 5
  9. .Os
  10. .Sh NAME
  11. .Nm acmed.toml
  12. .Nd ACMEd configuration file
  13. .Sh DESCRIPTION
  14. .Nm
  15. is the configuration file for
  16. .Xr acmed 8 .
  17. It is written in the
  18. .Em TOML
  19. format. The allowed elements are described below.
  20. .Bl -tag
  21. .It Ic include
  22. Array containing the path to configuration file to include. The path can be either relative or absolute. If relative, it is relative to the configuration file which included it.
  23. .Pp
  24. In case or overlapping global option definition, the one of the last included file will be used. For example, if a file
  25. .Em A
  26. includes files
  27. .Em B
  28. and
  29. .Em C
  30. and all three defines the same global option, the final value will be the one defined in file
  31. .Em C .
  32. .It Ic global
  33. Table containing the global configuration options.
  34. .Bl -tag
  35. .It Cm accounts_directory Ar string
  36. Specify the directory where the accounts private and public keys are stored.
  37. .It Cm certificates_directory Ar string
  38. Specify the directory where the certificates and their associated private keys are stored.
  39. .It Cm cert_file_mode Ar integer
  40. Specify the permissions to use for newly-created certificates files. See
  41. .Xr chmod 2
  42. for more details.
  43. .It Cm cert_file_user Ar user_id Ft string
  44. Specify the user who will own newly-created certificates files. See
  45. .Xr chown 2
  46. for more details.
  47. .It Cm cert_file_group Ar group_id Ft string
  48. Specify the group who will own newly-created certificates files. See
  49. .Xr chown 2
  50. for more details.
  51. .It Cm pk_file_mode Ar integer
  52. Specify the permissions to use for newly-created private-key files. See
  53. .Xr chmod 2
  54. for more details.
  55. .It Cm pk_file_user Ar user_id Ft string
  56. Specify the user who will own newly-created private-key files. See
  57. .Xr chown 2
  58. for more details.
  59. .It Cm pk_file_group Ar group_id Ft string
  60. Specify the group who will own newly-created private-key files. See
  61. .Xr chown 2
  62. for more details.
  63. .El
  64. .It Ic endpoint
  65. Array of table where each element defines a Certificate Authority
  66. .Pq CA
  67. which may be used to request certificates.
  68. .Bl -tag
  69. .It Cm name Ar string
  70. The name the endpoint is registered under. Must be unique.
  71. .It Cm url Ar string
  72. The endpoint's directory URL.
  73. .It Cm tos_agreed Ar boolean
  74. Set whether or not the user agrees to the Terms Of Service
  75. .Pq TOS .
  76. .El
  77. .It Ic hook
  78. Array of table where each element defines a command that will be launched at a defined point. See section
  79. .Sx WRITING A HOOK
  80. for more details.
  81. .Bl -tag
  82. .It Cm name Ar string
  83. The name the hook is registered under. Must be unique.
  84. .It Cm hook_type Ar array
  85. Array of strings. Possible types are:
  86. .Bl -dash -compact
  87. .It
  88. challenge-http-01
  89. .It
  90. challenge-http-01-clean
  91. .It
  92. challenge-dns-01
  93. .It
  94. challenge-dns-01-clean
  95. .It
  96. challenge-tls-alpn-01
  97. .It
  98. challenge-tls-alpn-01-clean
  99. .It
  100. file-pre-create
  101. .It
  102. file-pre-edit
  103. .It
  104. file-post-create
  105. .It
  106. file-post-edit
  107. .It
  108. post-operation
  109. .El
  110. .It Ic cmd Ar string
  111. The name of the command that will be launched.
  112. .It Ic args Ar array
  113. Array of strings representing the command's arguments.
  114. .It Ic stdin Ar string
  115. String that will be written into the command's standard input.
  116. .It Ic stdout Ar string
  117. Path to the file where the command's standard output if written.
  118. .It Ic stderr Ar string
  119. Path to the file where the command's standard error output if written.
  120. .El
  121. .It Ic group
  122. Array of table allowing to group several hooks as one. A group is considered as new hook.
  123. .Bl -tag
  124. .It Cm name Ar string
  125. The name the group is registered under. This name is considered as a hook name. Must be unique.
  126. .It Cm hooks Ar array
  127. Array containing the names of the hooks that are grouped. The hooks are guaranteed to be called sequentially in the declaration order.
  128. .El
  129. .It Ic account
  130. Array of table representing an account on one or several CA.
  131. .Bl -tag
  132. .It Ic name Ar string
  133. The name the account is registered under. Must be unique.
  134. .It Ic email Ar string
  135. The email address used to contact the account's holder.
  136. .El
  137. .It Ic certificate
  138. Array of table representing a certificate that will be requested to a CA.
  139. .Bl -tag
  140. .It Ic account Ar string
  141. Name of the account to use.
  142. .It Ic endpoint Ar string
  143. Name of the endpoint to use.
  144. .It Ic domains Ar array
  145. Array of tables listing the domains that should be included in the certificate along with the challenge to use for each one.
  146. .Bl -tag
  147. .It Ic dns
  148. The domain name.
  149. .It Ic challenge
  150. The name of the challenge to use to prove the domain's ownership. Possible values are:
  151. .Bl -dash -compact
  152. .It
  153. http-01
  154. .It
  155. dns-01
  156. .It
  157. tls-alpn-01
  158. .El
  159. .El
  160. .It Ic algorithm Ar string
  161. Name of the asymetric cryptography algorithm used to generate the certificate's key pair. Possible values are :
  162. .Bl -dash -compact
  163. .It
  164. rsa2048
  165. .Aq default
  166. .It
  167. rsa4096
  168. .It
  169. ecdsa_p256
  170. .It
  171. ecdsa_p384
  172. .El
  173. .It Ic kp_reuse Ar boolean
  174. Set whether or not the private key should be reused when renewing the certificate. Default is false.
  175. .It Ic directory Ar string
  176. Path to the directory where certificates and their associated private keys are stored.
  177. .It Ic hooks Ar array
  178. Names of hooks that will be called when requesting a new certificate. The hooks are guaranteed to be called sequentially in the declaration order.
  179. .El
  180. .Sh WRITING A HOOK
  181. When requesting a certificate to a CA using ACME, there is three steps that are hard to automatize. The first one is solving challenges in order to prove the ownership of every domains to be included: it requires to interact with the configuration of other services, hence depends on how the infrastructure works. The second one is restarting all the services that uses a given certificate, for the same reason. The last one is archiving: although several default methods can be implemented, sometimes admins wants or are required to do it in a different way.
  182. .Pp
  183. In order to allow a full automation of the three above steps without imposing arbitrary restrictions or methods,
  184. .Xr acmed 8
  185. uses hooks. Fundamentally, a hook is a command line template that will be called at a specific time of the process. Such approach allows admins to use any executable script or program located on the machine to customize the process.
  186. .Pp
  187. For a given certificate, hooks are guaranteed to be called sequentially in the declaration order. It is therefore possible to have a hook that depends on another one. Nevertheless, several certificates may be renewed at the same time. Hence, hooks shall not use globing or any other action that may disrupt hooks called by a different certificate.
  188. .Pp
  189. A hook have a type that will influence both the moment it is called and the available template variables. It is possible to declare several types. In such a case, the hook will be invoked whenever one of its type request it. When called, the hook only have access to template variable for the current type. If a hook uses a template variable that does not exists for the current type it is invoked for, the variable is empty.
  190. .Pp
  191. When writing a hook, the values of
  192. .Em args ,
  193. .Em stdin ,
  194. .Em stdout
  195. and
  196. .Em stderr
  197. are considered as template strings whereas
  198. .Em cmd
  199. is not. The template syntax is
  200. .Em Handlebars .
  201. See the
  202. .Sx STANDARDS
  203. section for a link to the
  204. .Em Handlebars
  205. specifications.
  206. .Pp
  207. The available types and the associated template variable are described below.
  208. .Bl -tag
  209. .It Ic challenge-http-01
  210. Invoked when the ownership of a domain must be proved using the
  211. .Em http-01
  212. challenge. The available template variables are:
  213. .Bl -tag -compact
  214. .It Cm domain Ar string
  215. The domain name whom ownership is currently being validated.
  216. .It Cm challenge Ar string
  217. The name of the challenge type
  218. .Aq http-01 .
  219. Mostly used in hooks with multiple types.
  220. .It Cm file_name Ar string
  221. Name of the file containing the proof. This is not a full path and does not include the
  222. .Ql .well-known/acme-challenge/
  223. prefix.
  224. .It Cm proof Ar string
  225. The content of the proof that must be written to
  226. .Em file_name .
  227. .It Cm is_clean_hook Ar bool
  228. False
  229. .El
  230. .It Ic challenge-http-01-clean
  231. Invoked once a domain ownership has been proven using the
  232. .Em http-01
  233. challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
  234. .Em challenge-http-01
  235. hook, excepted
  236. .Em is_clean_hook
  237. which is set to
  238. .Em true .
  239. .It Ic challenge-dns-01
  240. Invoked when the ownership of a domain must be proved using the
  241. .Em dns-01
  242. challenge. The available template variables are:
  243. .Bl -tag -compact
  244. .It Cm domain Ar string
  245. The domain name whom ownership is currently being validated.
  246. .It Cm challenge Ar string
  247. The name of the challenge type
  248. .Aq dns-01 .
  249. Mostly used in hooks with multiple types.
  250. .It Cm proof Ar string
  251. The content of the proof that must be written to a
  252. .Ql TXT
  253. entry of the DNS zone for the
  254. .Ql _acme-challenge
  255. subdomain.
  256. .It Cm is_clean_hook Ar bool
  257. False
  258. .El
  259. .It Ic challenge-dns-01-clean
  260. Invoked once a domain ownership has been proven using the
  261. .Em dns-01
  262. challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
  263. .Em challenge-dns-01
  264. hook, excepted
  265. .Em is_clean_hook
  266. which is set to
  267. .Em true .
  268. .It Ic challenge-tls-alpn-01
  269. Invoked when the ownership of a domain must be proved using the
  270. .Em tls-alpn-01
  271. challenge. The available template variables are:
  272. .Bl -tag -compact
  273. .It Cm domain Ar string
  274. The domain name whom ownership is currently being validated.
  275. .It Cm challenge Ar string
  276. The name of the challenge type
  277. .Aq tls-alpn-01 .
  278. Mostly used in hooks with multiple types.
  279. .It Cm proof Ar string
  280. Plain-text representation of the
  281. .Em acmeIdentifier
  282. extension that should be used in the self-signed certificate presented when a TLS connection is initiated with the
  283. .Qd acme-tls/1
  284. ALPN extension value.
  285. .Xr acmed 8
  286. will not generate the certificate itself since it can be done using
  287. .Xr tacd 8 .
  288. .It Cm is_clean_hook Ar bool
  289. False
  290. .El
  291. .It Ic challenge-tls-alpn-01-clean
  292. Invoked once a domain ownership has been proven using the
  293. .Em tls-alpn-01
  294. challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
  295. .Em challenge-tls-alpn-01
  296. hook, excepted
  297. .Em is_clean_hook
  298. which is set to
  299. .Em true .
  300. .It Ic file-pre-create
  301. Invoked
  302. .Em before
  303. a non-existent file
  304. .Em created .
  305. The available template variables are:
  306. .Bl -tag -compact
  307. .It Cm file_name Ar string
  308. Name of the impacted file.
  309. .It Cm file_directory Ar string
  310. Name of the directory where the impacted file is located.
  311. .It Cm file_path Ar string
  312. Full path to the impacted file.
  313. .El
  314. .It Ic file-pre-edit
  315. Invoked
  316. .Em before
  317. an existent file
  318. .Em modified .
  319. The available template variables are the same as those available for the
  320. .Em file-pre-create
  321. type.
  322. .It Ic file-post-create
  323. Invoked
  324. .Em after
  325. a non-existent file
  326. .Em created .
  327. The available template variables are the same as those available for the
  328. .Em file-pre-create
  329. type.
  330. .It Ic file-post-edit
  331. Invoked
  332. .Em after
  333. an existent file
  334. .Em modified .
  335. The available template variables are the same as those available for the
  336. .Em file-pre-create
  337. type.
  338. .It Ic post-operation
  339. Invoked at the end of the certificate request process. The available template variables are:
  340. .Bl -tag -compact
  341. .It Cm domains Ar string
  342. Array containing the domain names included in the requested certificate.
  343. .It Cm algorithm Ar string
  344. Name of the algorithm used in the certificate.
  345. .It Cm status Ar string
  346. Human-readable status. If the certificate request failed, it contains the error description.
  347. .It Cm is_success Ar boolean
  348. True if the certificate request is successful.
  349. .El
  350. .El
  351. .Sh FILES
  352. .Bl -tag
  353. .It Pa /etc/acmed/acmed.toml
  354. Default
  355. .Xr acmed 8
  356. configuration file.
  357. .It Pa /etc/acmed/accounts
  358. Default accounts private and public keys directory.
  359. .It Pa /etc/acmed/certs
  360. Default certificates and associated private keys directory.
  361. .Sh EXAMPLES
  362. The following example defines a typical endpoint, account and certificate for a domain and several subdomains.
  363. .Bd -literal -offset indent
  364. [[endpoint]]
  365. name = "example name"
  366. url = "https://acme.example.org/directory"
  367. tos_agreed = true
  369. [[account]]
  370. name = "my test account"
  371. email = "certs@exemple.net"
  373. [[certificate]]
  374. endpoint = "example name"
  375. account = "my test account"
  376. domains = [
  377. { dns = "exemple.net", challenge = "http-01"},
  378. { dns = "1.exemple.net", challenge = "http-01"},
  379. { dns = "2.exemple.net", challenge = "dns-01"},
  380. { dns = "3.exemple.net", challenge = "tls-alpn-01"},
  381. ]
  382. hooks = ["example-hook-1", "example-hook-2", "example-hook-3"]
  383. .Ed
  384. .Pp
  385. It is possible to use
  386. .Xr echo 1
  387. to solve the
  388. .Em http-01
  389. challenge and
  390. .Xr rm 1
  391. to clean it.
  392. .Xr mkdir 1
  393. and
  394. .Xr chmod 1
  395. are used to prevent issues related to file access.
  396. .Bd -literal -offset indent
  397. [[hook]]
  398. name = "http-01-echo-mkdir"
  399. type = ["challenge-http-01"]
  400. cmd = "mkdir"
  401. args = [
  402. "-m", "0755",
  403. "-p", "/var/www/{{domain}}/.well-known/acme-challenge"
  404. ]
  406. [[hook]]
  407. name = "http-01-echo-echo"
  408. type = ["challenge-http-01"]
  409. cmd = "echo"
  410. args = ["{{proof}}"]
  411. stdout = "/var/www/{{domain}}/.well-known/acme-challenge/{{file_name}}"
  413. [[hook]]
  414. name = "http-01-echo-chmod"
  415. type = ["challenge-http-01-clean"]
  416. cmd = "chmod"
  417. args = [
  418. "a+r",
  419. "/var/www/{{domain}}/.well-known/acme-challenge/{{file_name}}"
  420. ]
  422. [[hook]]
  423. name = "http-01-echo-clean"
  424. type = ["challenge-http-01-clean"]
  425. cmd = "rm"
  426. args = [
  427. "-f",
  428. "/var/www/{{domain}}/.well-known/acme-challenge/{{file_name}}"
  429. ]
  430. .Ed
  431. .Pp
  432. The hooks from the previous example can be grouped in order to reduce the number of hooks to define in the certificate.
  433. .Bd -literal -offset indent
  434. [[group]]
  435. name = "http-01-echo-var-www"
  436. hooks = [
  437. "http-01-echo-mkdir",
  438. "http-01-echo-echo",
  439. "http-01-echo-chmod",
  440. "http-01-echo-clean"
  441. ]
  443. [[certificate]]
  444. # Some fields omitted
  445. hooks = ["http-01-echo-var-www"]
  446. .Ed
  447. .Pp
  449. It is also possible to use
  450. .Xr sendmail 8
  451. in a hook in order to notif someone when the certificate request process is done.
  452. .Bd -literal -offset indent
  453. [[hook]]
  454. name = "email-report"
  455. type = ["post-operation"]
  456. cmd = "sendmail"
  457. args = [
  458. "-f", "noreply.certs@example.net",
  459. "contact@example.net"
  460. ]
  461. stdin = """Subject: Certificate renewal {{#if is_success}}succeeded{{else}}failed{{/if}} for {{domains.[0]}}
  463. The following certificate has {{#unless is_success}}*not* {{/if}}been renewed.
  464. domains: {{#each domains}}{{#if @index}}, {{/if}}{{this}}{{/each}}
  465. algorithm: {{algorithm}}
  466. status: {{status}}"""
  467. .Ed
  468. .Sh SEE ALSO
  469. .Xr acmed 8 ,
  470. .Xr tacd 8
  471. .Sh STANDARDS
  472. .Bl
  473. .It
  474. .Rs
  475. .%A Tom Preston-Werner
  476. .%D July 2018
  477. .%T TOML v0.5.0
  478. .%U https://github.com/toml-lang/toml
  479. .Re
  480. .It
  481. .Rs
  482. .%A Yehuda Katz
  483. .%T Handlebars
  484. .%U https://handlebarsjs.com/
  485. .Re
  486. .El
  487. .Sh AUTHORS
  488. .An Rodolphe Bréard
  489. .Aq rodolphe@breard.tf