Compare certificate to current certificate and only upload if they are different

Author: arnested

Dockerfile

@@ -3,11 +3,12 @@ MAINTAINER Arne Jørgensen
 
 RUN set -x && \
     apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get install -y -q golang-go git php-cli php-curl ruby && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y -q golang-go git php-cli php-curl ruby python-pip && \
     GOPATH=/usr/local go get -u github.com/xenolf/lego && \
     curl -sS https://platform.sh/cli/installer | php && \
     curl -sS -o /opt/yamledit.rb https://raw.githubusercontent.com/dbrandenburg/yamledit/e277715d71ed5bac17e97267577dd612fcc7ee2c/yamledit.rb && \
-    DEBIAN_FRONTEND=noninteractive apt-get purge -y -q golang-go && \
+    pip install shyaml && \
+    DEBIAN_FRONTEND=noninteractive apt-get purge -y -q golang-go python-pip && \
     apt-get clean -y -q && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 

usr/local/bin/lego-platform.sh

@@ -77,7 +77,19 @@ upload_certificate () {
     local cert=${TMPDIR}/cert-01
     local key=${LEGOPATH}/certificates/${domain}.key
     local chain=${TMPDIR}/cert-02
-    platform domain:update --yes --cert=${cert} --key=${key} --chain=${chain} --project="${PLATFORMSH_PROJECT_ID}" "${domain}"
+    local current=${TMPDIR}/current
+
+    # Compare certificate to current certificate at platform.sh. Only upload if they are different.
+
+    # We allow the following commands to fail because there might not be a current certificate.
+    set -x
+    platform domain:get --project="${PLATFORMSH_PROJECT_ID}" --property=ssl "${domain}" |  shyaml get-value certificate > "${current}"
+
+    if [ "$(openssl x509 -in "${cert}"  -noout -fingerprint)" != "$(openssl x509 -in "${current}"  -noout -fingerprint)" ]; then
+       platform domain:update --yes --cert=${cert} --key=${key} --chain=${chain} --project="${PLATFORMSH_PROJECT_ID}" "${domain}"
+    fi
+
+    set +x
 }
 
 verify_preconditions && create_or_renew_domains && upload_certificates