# If certificate already exists it will update only cert and key, not touching other parameters
# If certificate doesn't exist it will only upload cert and key, and not set other parameters
# Note that we deploy full chain
# Written by Geoffroi Genot <ggenot@voxbone.com>
######## Public functions #####################
#domain keyfile certfile cafile fullchain
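# Deploy-hook body: uploads the issued private key and full chain to the
# Kong instance at $KONG_URL, creating the certificate object when none is
# found for the domain and patching the existing one otherwise.
#
# The enclosing function header and the assignments of _cdomain, _ckey,
# _ccert, _cfullchain and nl are on lines this listing does not show; the
# gutter numbers of the original jump over them.
_info "Deploying certificate on Kong instance"

# Fall back to the local endpoint when none is configured.
if [ -z "$KONG_URL" ]; then
  _debug "KONG_URL Not set, using default http://localhost:8001"
  KONG_URL="http://localhost:8001"
fi

# The request built below carries the private key in its body. Over plain
# HTTP that is only acceptable when the endpoint is loopback-only, so leave a
# trace in the debug log whenever the scheme is not TLS.
case "$KONG_URL" in
  http://*)
    _debug "KONG_URL is plain HTTP; the private key is sent unencrypted unless the endpoint is loopback-only"
    ;;
esac

_debug _cdomain "$_cdomain"
_debug _ccert "$_ccert"
_debug _cfullchain "$_cfullchain"

#Get ssl_uuid linked to the domain
# NOTE(review): _egrep_o prints every UUID-shaped match; if the reply holds
# more than one, ssl_uuid becomes multi-line and the PATCH URL below breaks.
# Confirm against the reply format of the Kong version in use.
ssl_uuid=$(_get "$KONG_URL/certificates/$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
if [ -z "$ssl_uuid" ]; then
  _debug "Unable to get Kong ssl_uuid for domain $_cdomain"
  _debug "Make sure that KONG_URL is correctly configured"
  _debug "Make sure that a Kong certificate match the sni"
  _debug "Kong url: $KONG_URL"
  _info "No existing certificate, creating..."
fi

#Save kong url if it's successful (First run case)
# Note: the value is saved here, before the upload result is known.
_saveaccountconf KONG_URL "$KONG_URL"

# Multipart boundary derived from the current time.
delim="-----MultipartDelimiter$(date "+%s%N")"
_H1="Content-Type: multipart/form-data; boundary=$delim"

#Generate data for request (Multipart/form-data with mixed content)
# The snis[] part is sent only when creating a new certificate object.
if [ -z "$ssl_uuid" ]; then
  content="--$delim${nl}Content-Disposition: form-data; name=\"snis[]\"${nl}${nl}$_cdomain"
fi
# Private key part.
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
# Full-chain certificate part.
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
# Closing boundary.
content="$content${nl}--$delim--${nl}"
# Expand the escape sequences held in the assembled string (nl is presumably
# an escaped line break defined on a line not shown here).
content=$(printf %b "$content")

# The body embeds the contents of $_ckey, so it is deliberately not written
# to the debug log: debug output is routinely pasted into bug reports.
_debug "Multipart request body built; not logged because it contains the private key"

#Check if sslcreated (if not => POST else => PATCH)
if [ -z "$ssl_uuid" ]; then
  #Post certificate to Kong
  response=$(_post "$content" "$KONG_URL/certificates" "" "POST")
else
  #Patch the existing certificate object
  response=$(_post "$content" "$KONG_URL/certificates/$ssl_uuid" "" "PATCH")
fi

# A reply that contains "created_at" is treated as success; anything else is
# reported and the hook stops instead of falling through to the success line.
if ! [ "$(echo "$response" | _egrep_o "created_at")" = "created_at" ]; then
  _err "An error occurred with cert upload. Check response:"
  _err "$response"
  return 1
fi

# NOTE(review): the success reply is not dumped to the debug log because the
# returned certificate object may echo the key back; confirm against the Kong
# Admin API version in use before re-enabling a response dump.
_info "Certificate successfully deployed"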