#!/bin/sh -eu
# vim: ai ts=4 sts=4 et sw=4
if [ -r /etc/default/ntpsec ]
then
. /etc/default/ntpsec
fi
if [ -z "${NTPSEC_CERTBOT_CERT_NAME-}" ]
then
exit 0
fi
# If the certificate being deployed is not the one for ntpd, exit.
found=0
for domain in $RENEWED_DOMAINS
do
if [ "$domain" = "$NTPSEC_CERTBOT_CERT_NAME" ]
then
found=1
fi
done
if [ "$found" = "0" ]
then
exit 0
fi
# Copy the certificate (including chain) and key so ntpd can read them
# after dropping privileges.
install -m 644 /etc/letsencrypt/live/"$NTPSEC_CERTBOT_CERT_NAME"/fullchain.pem \
/etc/ntpsec/cert-chain.pem
install -m 640 -g ntpsec \
/etc/letsencrypt/live/"$NTPSEC_CERTBOT_CERT_NAME"/privkey.pem \
/etc/ntpsec/key.pem
# Tell ntpd to reload the certificate and key.
killall -HUP ntpd 2>/dev/null || true
|