Certificate onChange hook
We created an onChange hook to run commands when certificates are changed (installed or renewed). Use the property onChange in the CERTCACHE_CERTS env var to run a shell command. Commands are executed with the env var CERTCACHE_CHANGED_DIR which points to the directory of the changed certificate.

For example, the following command will concatenate fullchain.pem and privkey.pem for use with HAProxy:
CERTCACHE_CERTS: |
  - certName: <cert-name>
    domains:
      …
    onChange: cat $$CERTCACHE_CHANGED_DIR/fullchain.pem $$CERTCACHE_CHANGED_DIR/privkey.pem | tee $$CERTCACHE_CHANGED_DIR/cert-key-combined.pem

PATH is updated to include the /certcache/bin directory. If there was an executable script at the location /certcache/bin/do_stuff then the command in onChange could simply read onChange: do_stuff, without requiring the full path.
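
An added example, not part of the certcache documentation: a hook script that could be placed in /certcache/bin and called as onChange: haproxy_combine. It builds the same cert-key-combined.pem as the command above, but creates the file owner-only, replaces it atomically, and does not copy the private key to stdout. The script name haproxy_combine and the function name combine_for_haproxy are assumptions.

```shell
#!/bin/sh
# Hypothetical hook script, e.g. saved as /certcache/bin/haproxy_combine
# (the script name is an assumption, not a certcache default).

# Build cert-key-combined.pem in the given certificate directory.
# The body runs in a subshell, so umask and exit do not affect the caller.
combine_for_haproxy() (
    dir=$1
    chain="$dir/fullchain.pem"
    key="$dir/privkey.pem"
    out="$dir/cert-key-combined.pem"

    # Refuse to build a bundle from missing or empty inputs: a partial
    # bundle would replace a working one.
    for f in "$chain" "$key"; do
        if [ ! -s "$f" ]; then
            echo "haproxy_combine: missing or empty: $f" >&2
            exit 1
        fi
    done

    # The bundle contains the private key, so create it owner-only.
    umask 077
    tmp=$(mktemp "$dir/.cert-key-combined.XXXXXX") || exit 1

    # Redirect instead of piping through tee, so the key is not also
    # copied to the hook's stdout.
    cat "$chain" "$key" > "$tmp" || { rm -f "$tmp"; exit 1; }

    # A rename within one directory is atomic: readers see either the
    # old bundle or the complete new one, never a half-written file.
    mv -f "$tmp" "$out" || { rm -f "$tmp"; exit 1; }
)

# certcache sets CERTCACHE_CHANGED_DIR when it runs the onChange command.
if [ -n "${CERTCACHE_CHANGED_DIR:-}" ]; then
    combine_for_haproxy "$CERTCACHE_CHANGED_DIR"
fi
```

The script must be executable for the bare name in onChange to resolve through PATH.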