fix: better handeling of restart/reload logic

fix: add option to restart service, not only reload
fix: pull down crt, key and pem in one operation
2025-05-07 14:53:07 +02:00 · 2025-05-07 14:41:02 +02:00 · 2025-05-07 14:29:55 +02:00 · 2025-05-07 14:20:48 +02:00
2 changed files with 35 additions and 14 deletions
--- a/README.md
+++ b/README.md
@ -87,6 +87,12 @@ Use the `--disable-pem` to only fetch the .key and .crt:
 ./certman.sh --disable-pem
 ```
 ### Restart service instead of Reload
 Some services do not support at soft restart (reload). use `--restart` to force this option insted of the default reload.
 ```bash
 ./certman.sh --restart
 ```
 ## Environment Variables
 | Variable | Description | Required |
@ -97,6 +103,7 @@ Use the `--disable-pem` to only fetch the .key and .crt:
 | TEMP_PATH | Temporary directory for downloads | Yes |
 | FULLCHAIN_PEM | Enabled by default | No |
 | SERVICE_NAME | Service to reload after certificate updates | Yes |
 | SERIVCE_SUPPORTS | Reload or restart? Reload is the default | No |
 | CERT_OWNER | User owner for certificate files | Yes |
 | CERT_GROUP | Group owner for certificate files | Yes |
 | CERT_PERMISSIONS | Certificate file permissions | Yes |
--- a/certman.sh
+++ b/certman.sh
@ -26,6 +26,7 @@ load_env || exit 1
 AUTO_MODE="false"
 FORCE_UPDATE="false"
 SERVICE_SUPPORTS="${SERVICE_SUPPORTS:-reload}"
 FULLCHAIN_PEM="${FULLCHAIN_PEM:-true}"
 while [[ $# -gt 0 ]]; do
@ -42,6 +43,10 @@ while [[ $# -gt 0 ]]; do
            FULLCHAIN_PEM="false"
            shift
            ;;
        --restart)
            SERVICE_SUPPORTS="restart"
            shift
            ;;
        *)
            shift
            ;;
@ -89,7 +94,6 @@ download_and_verify_cert() {
    local temp_key="$TEMP_DIR/$domain.key"
    local temp_pem="$TEMP_DIR/$domain.pem"
    echo -e "${BLUE}Processing certificate for $domain${NC}"
    # Download certificate
@ -159,7 +163,7 @@ install_certificate() {
    if [ "$FORCE_UPDATE" = "true" ]; then
        needs_reload=1
    elif [ "$FULLCHAIN_PEM" = "true" ] && [ -f "$final_pem" ]; then
-        if ! cmp -s "$final_pem" "$temp_cert_pem"; then
+        if ! cmp -s "$final_pem" "$temp_pem"; then
            needs_reload=1
        fi
    elif [ -f "$final_cert" ]; then
@ -178,13 +182,13 @@ install_certificate() {
                return 1
            fi
            local files=("$final_pem")
-        else
+        fi
        if ! cp -f "$temp_cert" "$final_cert" || ! cp -f "$temp_key" "$final_key"; then
            echo -e "${RED}Failed to install certificate files for $domain${NC}"
            return 1
        fi
        local files=("$final_cert" "$final_key")
        fi
        # Set permissions and ownership
        for file in "${files[@]}"; do
@ -223,6 +227,7 @@ process_certificates() {
    # Reload service if needed
    if [ $service_reloaded -eq 1 ]; then
        if [[ $SERVICE_SUPPORTS = reload ]]; then
            echo -e "${BLUE}Reloading $SERVICE_NAME service...${NC}"
            if systemctl reload "$SERVICE_NAME"; then
                echo -e "${GREEN}Service reloaded successfully${NC}"
@ -230,6 +235,15 @@ process_certificates() {
                echo -e "${RED}Failed to reload service${NC}"
                return 1
            fi
        elif [[ $SERVICE_SUPPORTS = restart ]]; then
            echo -e "${BLUE}Restarting $SERVICE_NAME service...${NC}"
            if systemctl restart "$SERVICE_NAME"; then
                echo -e "${GREEN}Service restarted successfully${NC}"
            else
                echo -e "${RED}Failed to restart service${NC}"
                return 1
            fi
        fi
    fi
 }
Author	SHA1	Message	Date
Ruben	0f17ec7fd5	fix: better handeling of restart/reload logic	2025-05-07 14:53:07 +02:00
Ruben	df83b8aa59	fix: add option to restart service, not only reload	2025-05-07 14:41:02 +02:00
Ruben	5c706ba5d4	fix: pull down crt, key and pem in one operation	2025-05-07 14:29:55 +02:00
Ruben	5edef1fe64	fix: unbound variable	2025-05-07 14:20:48 +02:00