strongswan.sh 1.3 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455
  1. #!/usr/bin/env sh
  2. #Here is a sample custom api script.
  3. #This file name is "myapi.sh"
  4. #So, here must be a method myapi_deploy()
  5. #Which will be called by acme.sh to deploy the cert
  6. #returns 0 means success, otherwise error.
  7. ######## Public functions #####################
  8. #domain keyfile certfile cafile fullchain
  9. strongswan_deploy() {
  10. _cdomain="$1"
  11. _ckey="$2"
  12. _ccert="$3"
  13. _cca="$4"
  14. _cfullchain="$5"
  15. _info "Using strongswan"
  16. if [ -x /usr/sbin/ipsec ]; then
  17. _ipsec=/usr/sbin/ipsec
  18. elif [ -x /usr/sbin/strongswan ]; then
  19. _ipsec=/usr/sbin/strongswan
  20. elif [ -x /usr/local/sbin/ipsec ]; then
  21. _ipsec=/usr/local/sbin/ipsec
  22. else
  23. _err "no strongswan or ipsec command is detected"
  24. return 1
  25. fi
  26. _info _ipsec "$_ipsec"
  27. _confdir=$($_ipsec --confdir)
  28. if [ $? -ne 0 ] || [ -z "$_confdir" ]; then
  29. _err "no strongswan --confdir is detected"
  30. return 1
  31. fi
  32. _info _confdir "$_confdir"
  33. _debug _cdomain "$_cdomain"
  34. _debug _ckey "$_ckey"
  35. _debug _ccert "$_ccert"
  36. _debug _cca "$_cca"
  37. _debug _cfullchain "$_cfullchain"
  38. cat "$_ckey" >"${_confdir}/ipsec.d/private/$(basename "$_ckey")"
  39. cat "$_ccert" >"${_confdir}/ipsec.d/certs/$(basename "$_ccert")"
  40. cat "$_cca" >"${_confdir}/ipsec.d/cacerts/$(basename "$_cca")"
  41. cat "$_cfullchain" >"${_confdir}/ipsec.d/cacerts/$(basename "$_cfullchain")"
  42. $_ipsec reload
  43. }