mailwolt-installer/scripts/21-le-deploy-hook.sh

#!/usr/bin/env bash
set -euo pipefail
source ./lib.sh

install -d /etc/letsencrypt/renewal-hooks/deploy

cat >/etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh <<'HOOK'
#!/usr/bin/env bash
set -euo pipefail
UI_SSL_DIR="/etc/ssl/ui"
WEBMAIL_SSL_DIR="/etc/ssl/webmail"
MAIL_SSL_DIR="/etc/ssl/mail"

UI_HOST="${UI_HOST}"
WEBMAIL_HOST="${WEBMAIL_HOST}"
MX_HOST="${MAIL_HOSTNAME}"

UI_LE="/etc/letsencrypt/live/${UI_HOST}"
WEBMAIL_LE="/etc/letsencrypt/live/${WEBMAIL_HOST}"
MX_LE="/etc/letsencrypt/live/${MX_HOST}"

link_if() {
  local le_base="$1" target_dir="$2"
  local cert="${le_base}/fullchain.pem"
  local key="${le_base}/privkey.pem"
  if [ -f "$cert" ] && [ -f "$key" ]; then
    install -d -m 0755 "$target_dir"
    ln -sf "$cert" "${target_dir}/fullchain.pem"
    ln -sf "$key"  "${target_dir}/privkey.pem"
    echo "[+] Linked ${target_dir} -> ${le_base}"
  fi
}
link_if "$UI_LE"      "$UI_SSL_DIR"
link_if "$WEBMAIL_LE" "$WEBMAIL_SSL_DIR"
link_if "$MX_LE"      "$MAIL_SSL_DIR"

# Dienste neu laden
systemctl reload nginx || true
systemctl reload postfix dovecot || true
HOOK

chmod +x /etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh

##!/usr/bin/env bash
#set -euo pipefail
#source ./lib.sh
#
#UI_SSL_DIR="/etc/ssl/ui"
#WEBMAIL_SSL_DIR="/etc/ssl/webmail"
#MAIL_SSL_DIR="/etc/ssl/mail"
#
#UI_HOST="${UI_HOST:-}"
#WEBMAIL_HOST="${WEBMAIL_HOST:-}"
#MX_HOST="${MAIL_HOSTNAME:-}"
#
#install -d -m 0755 /etc/letsencrypt/renewal-hooks/deploy
#
## Hook-Datei, die Certbot nach jeder Erneuerung ausführt
#cat >/etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh <<'HOOK'
##!/usr/bin/env bash
#set -euo pipefail
#
#UI_SSL_DIR="/etc/ssl/ui"
#WEBMAIL_SSL_DIR="/etc/ssl/webmail"
#MAIL_SSL_DIR="/etc/ssl/mail"
#
#UI_HOST="${UI_HOST}"
#WEBMAIL_HOST="${WEBMAIL_HOST}"
#MX_HOST="${MAIL_HOSTNAME}"
#
#link_if() {
#  local host="$1" target_dir="$2"
#  [[ -z "$host" ]] && return 0
#  local le="/etc/letsencrypt/live/${host}"
#  local cert="${le}/fullchain.pem"
#  local key="${le}/privkey.pem"
#  [[ -f "$cert" && -f "$key" ]] || return 0
#  install -d -m 0755 "$target_dir"
#  ln -sf "$cert" "${target_dir}/fullchain.pem"
#  ln -sf "$key"  "${target_dir}/privkey.pem"
#  echo "[+] Linked ${target_dir} -> ${le}"
#}
#
#link_if "$UI_HOST"      "$UI_SSL_DIR"
#link_if "$WEBMAIL_HOST" "$WEBMAIL_SSL_DIR"
#link_if "$MX_HOST"      "$MAIL_SSL_DIR"
#
#systemctl reload nginx || true
#systemctl reload postfix || true
#systemctl reload dovecot || true
#HOOK
#chmod +x /etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh