A script for triggering service reload/restart in order to re-read updated certificates.

read-new-certs-services.sh

#!/bin/sh

run_base=/run
dir_reloads="$run_base/new-cert-reloads"
dir_restarts="$run_base/new-cert-restarts"

if [ $# -gt 0 ]; then
	some=0
	dir="$dir_reloads"
	while [ $# -gt 0 ]; do
		case $1 in
			-h|--help)
				>&2 cat <<-'EOHELP'
					Usage:

					  read-new-certs-services [-l|-s] service1 [[-l|-s] service2]
					  or
					  read-new-certs-services

					  When called without arguments, marked services will be reloaded or restarted.

					Arguments:

					  -h, --help
					    This help.

					  -l, --reload
					    Mark all subsequently listed services for reloading. This is the default.

					  -s, --restart
					    Mark all subsequently listed services for restarting.
					EOHELP
				exit
				;;
			-l|--reload)
				dir="$dir_reloads"
				;;
			-s|--restart)
				dir="$dir_restarts"
				;;
			*)
				svc="$1"
				if [ -n "$svc" ]; then
					some=1
					run_file="$dir/$svc"
					if ! mkdir -p "$dir" || ! touch "$run_file"; then
						>&2 echo "Service could not be marked: $run_file"
						exit 1
					fi
				fi
				;;
		esac
		shift
	done
	if [ $some -eq 0 ]; then
		>&2 echo 'No service(s) specified.'
		exit 1
	fi
	exit
fi

if [ -d "$dir_restarts" ]; then
	find "$dir_restarts" -mindepth 1 -printf '%P\t%p\n' | while IFS="$(printf '\t')" read -r svc run_file; do
		systemctl restart "$svc" && rm "$run_file"
		# no need to reload as well if restarting
		run_file="$dir_reloads/$svc"
		if [ -f "$run_file" ]; then
			rm "$run_file"
		fi
	done
fi

if [ -d "$dir_reloads" ]; then
	find "$dir_reloads" -mindepth 1 -printf '%P\t%p\n' | while IFS="$(printf '\t')" read -r svc run_file; do
		systemctl reload "$svc" && rm "$run_file"
	done
fi