Certbot deploy hook to reload Home Assistant SSL Settings

renewal-deploy-hook.sh

#!/bin/sh
set -e

TARGET_DOMAIN="example.org"

echo "Renewed Domains:"
echo $RENEWED_DOMAINS

# Only run for the target domain
if ! echo "$RENEWED_DOMAINS" | grep -qw "$TARGET_DOMAIN"; then
 exit 0
fi

: "${AGH_URL:?AGH_URL is not set}"
: "${AGH_USERNAME:?AGH_USERNAME is not set}"
: "${AGH_PASSWORD:?AGH_PASSWORD is not set}"

JSON_BODY=$(cat <<EOF
{
    "enabled": true,
    "serve_plain_dns": true,
    "server_name": "$TARGET_DOMAIN",
    "force_https": false,
    "port_https": 443,
    "port_dns_over_tls": 853,
    "port_dns_over_quic": 853,
    "certificate_chain": "",
    "private_key": "",
    "certificate_path": "/etc/letsencrypt/live/${TARGET_DOMAIN}/fullchain.pem",
    "private_key_path": "/etc/letsencrypt/live/${TARGET_DOMAIN}/privkey.pem"
}
EOF
)

echo $JSON_BODY | python -m json.tool

AUTH=$(printf "%s:%s" "$AGH_USERNAME" "$AGH_PASSWORD" | base64)
wget \
  --header="Content-Type: application/json" \
  --header="Authorization: Basic $AUTH" \
  --post-data="$JSON_BODY" \
  -O - \
  "${AGH_URL}/control/tls/configure" | python -m json.tool