From 593887676830886cad4cb325a1e9041eab492ff1 Mon Sep 17 00:00:00 2001
From: Darsey Litzenberger <dlitz@dlitz.net>
Date: Thu, 19 Mar 2026 19:59:18 -0600
Subject: [PATCH] Add acmetool hook example

---
 examples/acmetool/mikrotik-cert-push-hook | 34 +++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100755 examples/acmetool/mikrotik-cert-push-hook

diff --git a/examples/acmetool/mikrotik-cert-push-hook b/examples/acmetool/mikrotik-cert-push-hook
new file mode 100755
index 0000000..bb5d96f
--- /dev/null
+++ b/examples/acmetool/mikrotik-cert-push-hook
@@ -0,0 +1,34 @@
+#!/bin/bash
+# dlitz 2026
+set -eu
+
+EVENT_NAME="$1"
+[ "$EVENT_NAME" = "live-updated" ] || exit 42
+
+[ -e "/etc/default/acme-mikrotik-cert-push-hook" ] && . /etc/default/acme-mikrotik-cert-push-hook
+[ -e "/etc/conf.d/acme-mikrotik-cert-push-hook" ] && . /etc/conf.d/acme-mikrotik-cert-push-hook
+[ -z "$ACME_STATE_DIR" ] && ACME_STATE_DIR="/var/lib/acme"
+
+declare -A match_hosts=()
+while read name dummy; do
+    if [[ "$name" == \#* ]]; then
+        # Ignore comments
+        continue
+    fi
+    match_hosts["$name"]=1
+done < "$ACME_STATE_DIR/conf/mikrotik-hosts"
+
+cd /opt/mtik-cert-pusher
+
+while read name; do
+    certdir="$ACME_STATE_DIR/live/$name"
+    if [ -z "$name" -o ! -e "$certdir" ]; then
+        continue
+    fi
+
+    if ! [ "${match_hosts[$name]+1}" ]; then
+        continue
+    fi
+
+    python3 -m mtik_cert_pusher deploy ---private-key "$certdir/privkey" --cert "$certdir/cert" --chain "$certdir/chain" --ssh-host "$name"
+done