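#!/usr/bin/env bash
# /etc/dehydrated/hook.sh -- dehydrated hook script: dns-01 challenges are
# published with nsupdate, issued certificates are installed for FreeSWITCH
# and nginx is reloaded.
# Based on https://github.com/lukas2511/dehydrated/blob/master/docs/examples/hook.sh

set -eu -o pipefail

# nsupdate invocation, held as an array so each argument stays one word without
# relying on unquoted word splitting.
# The TSIG key authorises dynamic DNS updates: keep the key file readable by
# root only and, on the DNS server, limit what this key may change (for example
# a BIND update-policy restricted to the _acme-challenge TXT records).
NSUPDATE=(nsupdate -k "/root/.secrets/Kfusion.+165+59352.private")
DNSSERVER="ns1.mydomain.com"
TTL=300

#######################################
# Publish the dns-01 challenge TXT record, wait, then look the record up.
# Globals:   NSUPDATE, DNSSERVER, TTL (read)
# Arguments: $1 - domain being validated
#            $2 - token filename (not used for dns-01)
#            $3 - value to publish in the TXT record
# Outputs:   nslookup output on stdout
# Returns:   status of nslookup; a failing nsupdate aborts the script
#            (set -e with pipefail)
#######################################
deploy_challenge() {
  # TOKEN_FILENAME is unused; it is named to document the argument order.
  local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"

  # DOMAIN and TOKEN_VALUE are interpolated into nsupdate's command stream, so
  # a newline or double quote in either would change the update that is sent.
  printf 'server %s\nupdate add _acme-challenge.%s. %d in TXT "%s"\nsend\n' \
    "${DNSSERVER}" "${DOMAIN}" "${TTL}" "${TOKEN_VALUE}" \
    | "${NSUPDATE[@]}"

  # Fixed pause before the lookup below.
  sleep 5

  # Queries whatever resolver the host is configured with, which is not
  # necessarily ${DNSSERVER}.
  nslookup -q=txt "_acme-challenge.${DOMAIN}"
}

#######################################
# Remove the dns-01 challenge TXT record again.
# Globals:   NSUPDATE, DNSSERVER, TTL (read)
# Arguments: $1 - domain, $2 - token filename (unused), $3 - TXT record value
# Returns:   status of the nsupdate pipeline
#######################################
clean_challenge() {
  local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"

  printf 'server %s\nupdate delete _acme-challenge.%s. %d in TXT "%s"\nsend\n' \
    "${DNSSERVER}" "${DOMAIN}" "${TTL}" "${TOKEN_VALUE}" \
    | "${NSUPDATE[@]}"
}

#######################################
# Install a freshly issued certificate for FreeSWITCH and reload nginx.
# Arguments: $1 - domain, $2 - private key file, $3 - certificate file,
#            $4 - full chain file, $5 - chain file, $6 - timestamp
# Returns:   non-zero if building or installing any file fails
#######################################
deploy_cert() {
  local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
  local tls_dir="/etc/freeswitch/tls"
  local ALLFILE key_dir dst

  # Declared above and assigned here so a failing dirname is not masked by
  # the exit status of `local`.
  key_dir="$(dirname -- "${KEYFILE}")"
  ALLFILE="${key_dir}-${TIMESTAMP}.pem"

  # The combined PEM contains the private key. Build it under a restrictive
  # umask (and from scratch) so it is never created group- or world-readable;
  # a plain `cat > file` would use the caller's default umask.
  (
    umask 077
    rm -f -- "${ALLFILE}"
    # Order is full chain, key, chain, as in the original concatenation.
    cat -- "${FULLCHAINFILE}" "${KEYFILE}" "${CHAINFILE}" > "${ALLFILE}"
  )

  install -o freeswitch -g daemon -m 0600 "${ALLFILE}" "${tls_dir}/all.pem"
  install -o freeswitch -g daemon -m 0600 "${CERTFILE}" "${tls_dir}/cert.pem"
  install -o freeswitch -g daemon -m 0600 "${CHAINFILE}" "${tls_dir}/chain.pem"
  install -o freeswitch -g daemon -m 0600 "${FULLCHAINFILE}" "${tls_dir}/fullchain.pem"
  install -o freeswitch -g daemon -m 0600 "${KEYFILE}" "${tls_dir}/privkey.pem"

  # Reload nginx only when its configuration test passes; a failed test is
  # not treated as a hook failure.
  if /usr/sbin/nginx -t; then
    /usr/sbin/nginx -s reload
  fi

  # Each of these names is a symlink to the combined PEM.
  for dst in agent tls wss dtls-srtp; do
    ln -sf "${tls_dir}/all.pem" "${tls_dir}/${dst}.pem"
  done
}

#######################################
# Called when the certificate is still valid; only logs the hook name.
# Arguments: $1 - domain, $2 - key file, $3 - certificate file,
#            $4 - full chain file, $5 - chain file
#######################################
unchanged_cert() {
  local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"

  printf '\nunchanged_cert()\n\n'
}

#######################################
# Called when a challenge is rejected; logs the domain and the response.
# Arguments: $1 - domain, $2 - response text
#######################################
invalid_challenge() {
  local DOMAIN="${1}" RESPONSE="${2}"

  printf '\ninvalid_challenge()\n%s\n%s\n\n' "${DOMAIN}" "${RESPONSE}"
}

#######################################
# Called when a request fails; logs status code, reason and request type.
# Arguments: $1 - status code, $2 - reason, $3 - request type
#######################################
request_failure() {
  local STATUSCODE="${1}" REASON="${2}" REQTYPE="${3}"

  printf '\nrequest_failure()\n%s\n%s\n%s\n\n' "${STATUSCODE}" "${REASON}" "${REQTYPE}"
}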
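#######################################
# Final hook: prune entries under /etc/dehydrated/certs/ whose modification
# time is more than 120 days old, then log completion.
# Outputs:   "done" framed by blank lines on stdout
#######################################
exit_hook() {
  # Directories are skipped: plain rm cannot remove them and only printed an
  # error for each one. find does not follow symlinks here, so a symlink is
  # judged (and removed) by its own age.
  # NOTE(review): this removes any old file in the tree, presumably including
  # archived private keys -- confirm nothing older than 120 days is still in use.
  find /etc/dehydrated/certs/ ! -type d -mtime +120 -exec rm -f -- {} \;

  printf '\ndone\n\n'
}

# Dispatch: the first argument names the hook, the remaining arguments are
# passed through to it. Only names on the allow-list below are ever invoked,
# so an unknown or newly introduced hook name is ignored instead of being run
# as a command.
HANDLER="${1:-}" # empty when called without arguments (set -u safe)
if (( $# > 0 )); then
  shift
fi
if [[ "${HANDLER}" =~ ^(deploy_challenge|clean_challenge|deploy_cert|unchanged_cert|invalid_challenge|request_failure|exit_hook)$ ]]; then
  "${HANDLER}" "$@"
fi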