Fixed bug in certbot.sh that would lead to a failure to validate a do…

…main breaking out of the retry logic, and lead to the domain being skipped. Also updated to Ubuntu 18.04 bionic, and replaced deprecated certbot-auto with certbot (via apt-get). (#51)
hamburml · May 10, 2021 · 5c8b88f · 5c8b88f
1 parent 814bde3
commit 5c8b88f
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 29 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
-#use 16.04 lts, install certbot-auto to get newest certbot version
-FROM ubuntu:16.04
+#use 18.04 lts
+FROM ubuntu:18.04
 
 #set default env variables
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -10,14 +10,7 @@ ENV DEBIAN_FRONTEND=noninteractive \
 
 # http://stackoverflow.com/questions/33548530/envsubst-command-getting-stuck-in-a-container
 RUN apt-get update && \
-    apt-get -y install cron supervisor curl && \
-    apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-# install certbot-auto
-RUN curl -o /root/certbot-auto https://dl.eff.org/certbot-auto && \
-    chmod a+x /root/certbot-auto && \
-    /root/certbot-auto --version --non-interactive && \
-    apt-get purge -y --auto-remove gcc libc6-dev && \
+    apt-get -y install cron supervisor curl certbot && \
     apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 # Add supervisord.conf

diff --git a/certbot.sh b/certbot.sh
@@ -31,43 +31,46 @@ fi
 
 for var in $(env | grep -P 'DOMAIN_\d+' | sed  -e 's/=.*//'); do
   cur_domains=${!var};
-
   declare -a arr=$cur_domains;
 
   DOMAINDIRECTORY="/etc/letsencrypt/live/${arr[0]}";
   dom="";
   for i in "${arr[@]}"
   do
-    let exitcode=tries=0
+    let validated=tries=0
     until [ $tries -ge $MAXRETRIES ]
     do
       tries=$[$tries+1]
-      certbot-auto certonly --dry-run "${args[@]}" -d "$i" | grep -q 'The dry run was successful.' && break
-      exitcode=$?
-
-      if [ $tries -eq $MAXRETRIES ]; then
-        printf "${RED}Unable to verify domain ownership after ${tries} attempts.${NC}\n"
+      certbot certonly --dry-run "${args[@]}" -d "$i" | grep -q 'The dry run was successful.'
+      if [ $? -eq 0 ]; then
+        validated=1
+        break
       else
-        printf "${RED}Unable to verify domain ownership, we try again in ${TIMEOUT} seconds.${NC}\n"
-        sleep $TIMEOUT
+        if [ $tries -eq $MAXRETRIES ]; then
+          printf "${RED}Unable to verify domain ownership after ${tries} attempts.${NC}\n"
+        else
+          printf "${RED}Unable to verify domain ownership, we try again in ${TIMEOUT} seconds.${NC}\n"
+          sleep $TIMEOUT
+        fi
       fi
-    done
 
-    if [ $exitcode -eq 0 ]; then
+    done
+    echo "Validated is $validated"
+    if [ $validated -eq 1 ]; then
       printf "Domain $i successfully validated\n"
       dom="$dom -d $i"
     fi
   done
-
+  
   #only if we have successfully validated at least a single domain we have to continue
   if [ -n "$dom" ]; then
     # check if DOMAINDIRECTORY exists, if it exists use --cert-name to prevent 0001 0002 0003 folders
     if [ -d "$DOMAINDIRECTORY" ]; then
-      printf "\nUse certbot-auto certonly %s --cert-name %s\n" "${args[*]}" "${arr[0]}";
-      certbot-auto certonly "${args[@]}" --cert-name "${arr[0]}" $dom
+      printf "\nUse certbot certonly %s --cert-name %s\n" "${args[*]}" "${arr[0]}";
+      certbot certonly "${args[@]}" --cert-name "${arr[0]}" $dom
     else
-      printf "\nUse certbot-auto certonly %s\n" "${args[*]}";
-      certbot-auto certonly "${args[@]}" $dom
+      printf "\nUse certbot certonly %s\n" "${args[*]}";
+      certbot certonly "${args[@]}" $dom
     fi
   fi
 

diff --git a/renewAndSendToProxy.sh b/renewAndSendToProxy.sh
@@ -58,9 +58,9 @@ done
 
 #full path is needed or it is not started when run as cron
 
-#--no-bootstrap: prevent the certbot-auto script from installing OS-level dependencies
-#--no-self-upgrade: revent the certbot-auto script from upgrading itself to newer released versions
-/root/certbot-auto renew --no-bootstrap --no-self-upgrade > /var/log/dockeroutput.log
+#--no-bootstrap: prevent certbot from installing OS-level dependencies
+#--no-self-upgrade: prevent certbot from upgrading itself to newer released versions
+certbot renew --no-bootstrap --no-self-upgrade > /var/log/dockeroutput.log
 
 echo $PROXY_ADDRESS | tr ',' '\n' | while read proxy_addr; do
 	printf "Docker Flow: Proxy DNS-Name: ${GREEN}$proxy_addr${NC}\n";