
Make certificate import more failure tolerant

If an error occurs while trying to import a certificate into the webserver
configuration, the script will now set a marker file for the related
domain and try again to import the cert in the next script run.
Previously, those failures were reported in the log, but there was no
treatment.

[FS#136](https://fs.golderweb.de/index.php?do=details&task_id=136)
master
Jonathan Golder 7 years ago
Parent
Commit
2e42710925
Signed by: golderweb GPG key ID: A63CA3193092AD20
  1. 30
      letsencrypt-renew.sh

@ -42,12 +42,39 @@ if [ ! -d "${LECONFIGDIR}" ]; then
exit 1
fi
# import_certificate
#
# Try to import certificate in webserver config using uberspace-add-certificate
#
# If something fails, leave a file as marker so we can try it again with next
# script run. Failures occur occasionally due to problems with connection to
# letsencrypt while import.
import_certificate() {
# import certificate
uberspace-add-certificate -k "${LECONFIGDIR}/live/${domain}/privkey.pem" -c "${LECONFIGDIR}/live/${domain}/cert.pem"
# Not successfull?
if [ $? -ne 0 ]; then
# Set error marker
touch "${LECONFIGDIR}/live/${domain}/importerror"
elif [ -f "${LECONFIGDIR}/live/${domain}/importerror" ]; then
# Remove error marker
rm "${LECONFIGDIR}/live/${domain}/importerror"
fi
}
# Get all existing inifiles matching namescheme cli-${domain}.ini
for inifile in "${LECONFIGDIR}"/cli-*.ini; do
# Get domain out of file (first value in property "domains")
domain=$(grep -e "[ \t]*domains.*" "${inifile}" | sed "s/ //g" |cut -d "=" -f2 | cut -d "," -f1)
# If there was an import error before, try again to import certificate
if [ -f "${LECONFIGDIR}/live/${domain}/importerror" ]; then
import_certificate
fi
# sleep for a random time so not all certificates get renewed at the same time
if [ $FIRSTITER -ne 1 ]; then
sleep $(expr $RANDOM % 600)
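Review bot: import_certificate reads `${domain}` from the caller's loop variable and checks `$?` on a separate line, so in the function body an empty `domain` (for example when the grep on the ini file matches nothing) sends both the import and the `touch` to `${LECONFIGDIR}/live//...`. Take the domain as `$1`, return early when it is empty, and test the command directly with `if ! uberspace-add-certificate ...; then`. Using `rm -f` on the marker would also remove the need for the separate `-f` test in the `elif`.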
@ -60,7 +87,6 @@ for inifile in "${LECONFIGDIR}"/cli-*.ini; do
FIRSTITER=0
letsencrypt certonly -c "${inifile}" || continue
# import certificate
uberspace-add-certificate -k "${LECONFIGDIR}/live/${domain}/privkey.pem" -c "${LECONFIGDIR}/live/${domain}/cert.pem"
import_certificate
done
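Review bot: at the `import_certificate` call that replaces the direct `uberspace-add-certificate` line, the result is discarded and the function itself logs nothing, so a certificate that was renewed but not installed is only visible as an `importerror` file. Have the function write the domain to stderr and return non-zero when it sets the marker, and check that status here. Also, when the retry at the top of the loop has already succeeded in this run and `letsencrypt certonly` returns success, this call imports the same certificate a second time.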
