
Make certificate import more failure tolerant

If an error occurs while trying to import a certificate into the webserver
configuration, the script now sets a marker file for the related
domain and tries to import the cert again on the next script run.
Previously, those failures were reported in the log, but they were not
handled.

[FS#136](https://fs.golderweb.de/index.php?do=details&task_id=136)
master
Jonathan Golder 2 years ago
parent
commit
2e42710925
Signed by: Jonathan Golder <jonathan@golderweb.de> GPG Key ID: A63CA3193092AD20
1 changed files with 28 additions and 2 deletions
  1. +28
    -2
      letsencrypt-renew.sh

+ 28
- 2
letsencrypt-renew.sh View File

@@ -42,12 +42,39 @@ if [ ! -d "${LECONFIGDIR}" ]; then
exit 1
fi

# import_certificate
#
# Try to import certificate in webserver config using uberspace-add-certificate
#
# If something fails, leave a file as marker so we can try it again with next
# script run. Failures occur occasionally due to problems with connection to
# letsencrypt while import.
import_certificate() {
# import certificate
uberspace-add-certificate -k "${LECONFIGDIR}/live/${domain}/privkey.pem" -c "${LECONFIGDIR}/live/${domain}/cert.pem"

# Not successfull?
if [ $? -ne 0 ]; then
# Set error marker
touch "${LECONFIGDIR}/live/${domain}/importerror"
elif [ -f "${LECONFIGDIR}/live/${domain}/importerror" ]; then
# Remove error marker
rm "${LECONFIGDIR}/live/${domain}/importerror"
fi
}

# Get all existing inifiles matching namescheme cli-${domain}.ini
for inifile in "${LECONFIGDIR}"/cli-*.ini; do

# Get domain out of file (first value in property "domains")
domain=$(grep -e "[ \t]*domains.*" "${inifile}" | sed "s/ //g" |cut -d "=" -f2 | cut -d "," -f1)

# If there was an import error before, try again to import certificate
if [ -f "${LECONFIGDIR}/live/${domain}/importerror" ]; then

import_certificate
fi

# sleep for a random time so not all certificates get renewed at the same time
if [ $FIRSTITER -ne 1 ]; then
sleep $(expr $RANDOM % 600)
@@ -60,7 +87,6 @@ for inifile in "${LECONFIGDIR}"/cli-*.ini; do
FIRSTITER=0
letsencrypt certonly -c "${inifile}" || continue

# import certificate
uberspace-add-certificate -k "${LECONFIGDIR}/live/${domain}/privkey.pem" -c "${LECONFIGDIR}/live/${domain}/cert.pem"
import_certificate

done
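Review bot: `import_certificate` and the new `importerror` check in the loop build their paths from the global `domain`, and nothing validates that value after the grep/sed/cut pipeline assigns it. If an ini file has no matching `domains` line, the marker path collapses to `${LECONFIGDIR}/live//importerror`, and more than one matching line yields a multi-line value; in both cases the marker is tested, created or removed in the wrong place and the failed import is not retried for the intended domain. A guard such as `[ -n "${domain}" ] || continue` directly after the assignment, with the domain passed into the function as `"$1"`, would make the dependency explicit. A one-line message on stderr when the marker is set (for example `echo "certificate import failed for ${domain}, will retry on next run" >&2`) would keep a persistently failing import visible, since the retry otherwise repeats on every run with no limit. The part of the loop body between the two hunks is not shown, so this assumes `domain` is not reassigned there.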
