initial commit

etc/letsencrypt/renewal-hooks/deploy/ocsp

@@ -0,0 +1,19 @@
+#!/bin/sh
+set -ef
+
+: "${RENEWED_LINEAGE:?}"
+d="${RENEWED_LINEAGE}"
+
+[ -d "$d" ] || {
+	env printf '%s: not a directory: %q\n' "$0" "$d" >&2
+	exit 1
+}
+
+chain="$d/chain.pem"
+cert="$d/cert.pem"
+ocsp="$d/ocsp.der"
+
+[ -s "${cert}" ]  || exit 2
+[ -s "${chain}" ] || exit 3
+
+exec openssl-ocsp "${chain}" "${cert}" "${ocsp}"

etc/letsencrypt/renewal-hooks/post/angie

@@ -0,0 +1,2 @@
+#!/bin/sh
+exec systemctl --no-ask-password reload angie.service

etc/systemd/system/angie.service.d/certbot-ocsp-angie.conf

@@ -0,0 +1,2 @@
+[Service]
+ExecStartPre=/usr/local/lib/systemd/certbot-ocsp-angie.sh

etc/systemd/system/certbot-ocsp-angie.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=Certbot - refresh OCSP responses for Angie
+Documentation=https://angie.software/en/configuration/modules/http_ssl/#ssl-stapling-file
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/lib/systemd/certbot-ocsp-angie.sh
+PrivateTmp=true

etc/systemd/system/certbot-ocsp-angie.timer

@@ -0,0 +1,10 @@
+[Unit]
+Description=Run certbot-ocsp-angie.service twice daily
+
+[Timer]
+OnCalendar=*-*-* 06,18:00:00
+RandomizedDelaySec=3600
+Persistent=true
+
+[Install]
+WantedBy=timers.target

etc/systemd/system/certbot.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=Certbot
+Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
+Documentation=https://certbot.eff.org/docs
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/certbot -q renew --no-random-sleep-on-renew
+PrivateTmp=true

etc/systemd/system/certbot.timer

@@ -0,0 +1,10 @@
+[Unit]
+Description=Run certbot.service twice daily
+
+[Timer]
+OnCalendar=*-*-* 00,12:00:00
+RandomizedDelaySec=3600
+Persistent=true
+
+[Install]
+WantedBy=timers.target