OCSP stapling file is updated after hooks are called

[NotActuallyTerry]

With OCSP_FETCH="yes", the code responsible for fetching the OCSP response is run after the deploy_cert & unchanged_cert hooks are called. This makes it impossible to update the stapling files for haproxy & other webservers that require the file to be named in a specific way.

Perhaps one way of solving it could be calling a new hook ocsp_update whenever the response is updated:
[[ -n "${HOOK}" ]] && "${HOOK}" "ocsp_update" "${domain}" "${certdir}/ocsp.der"

[lukas2511]

I merged your pull-request but extended it in 8ba56a8. Basically renamed the hook to deploy_ocsp (to be similar to deploy_cert) and exported altnames for use inside the hook. Thanks for the suggestion and the initial pull-request!

[zhangyoufu]

If I understand correctly, deploy_ocsp hook should be responsible for triggering cert/key/ocsp reload, and deploy_cert hook should not be used. Just in case a certificate was issued successfully, while fetching ocsp failed. A new cert should not be used in conjunction with old ocsp.der.