From 5c8b88f9e49d761ebb1eb869ddc14f1d5dac148e Mon Sep 17 00:00:00 2001
From: seanblanchfield
Date: Mon, 10 May 2021 21:59:26 +0100
Subject: [PATCH] Fixed bug in certbot.sh that would lead to a failure to validate a domain breaking out of the retry logic, and lead to the domain being skipped. Also updated to Ubuntu 18.04 bionic, and replaced deprecated certbot-auto with certbot (via apt-get). (#51)
---
 Dockerfile | 13 +++----------
 certbot.sh | 35 +++++++++++++++++++----------------
 renewAndSendToProxy.sh | 6 +++---
 3 files changed, 25 insertions(+), 29 deletions(-)
 mode change 100644 => 100755 certbot.sh
diff --git a/Dockerfile b/Dockerfile
index 6b6c0d6..de9c087 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
-#use 16.04 lts, install certbot-auto to get newest certbot version
-FROM ubuntu:16.04
+#use 18.04 lts
+FROM ubuntu:18.04
 
 #set default env variables
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -10,14 +10,7 @@ ENV DEBIAN_FRONTEND=noninteractive \
 
 # http://stackoverflow.com/questions/33548530/envsubst-command-getting-stuck-in-a-container
 RUN apt-get update && \
- apt-get -y install cron supervisor curl && \
- apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-# install certbot-auto
-RUN curl -o /root/certbot-auto https://dl.eff.org/certbot-auto && \
- chmod a+x /root/certbot-auto && \
- /root/certbot-auto --version --non-interactive && \
- apt-get purge -y --auto-remove gcc libc6-dev && \
+ apt-get -y install cron supervisor curl certbot && \
 apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 # Add supervisord.conf
diff --git a/certbot.sh b/certbot.sh
old mode 100644
new mode 100755
index 924e98d..8ac5122
--- a/certbot.sh
+++ b/certbot.sh
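Review bot: The rewritten `RUN` line in the second Dockerfile hunk installs `certbot` from the Ubuntu 18.04 archive, but the comment that explained the previous choice (`install certbot-auto to get newest certbot version`) is dropped without saying what now determines the version, so the new header should record it, e.g. `#use 18.04 lts; certbot is installed from the Ubuntu archive, so its version is fixed by the base image and no longer tracks upstream releases`. The install also pulls in each package's recommended dependencies; `apt-get -y install --no-install-recommends cron supervisor curl certbot` keeps the image smaller and matches the intent of the `apt-get clean && rm -rf ...` that follows it.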
@@ -31,43 +31,46 @@ fi
 for var in $(env | grep -P 'DOMAIN_\d+' | sed -e 's/=.*//'); do
 cur_domains=${!var};
- declare -a arr=$cur_domains;
 DOMAINDIRECTORY="/etc/letsencrypt/live/${arr[0]}";
 dom="";
 for i in "${arr[@]}"
 do
- let exitcode=tries=0
+ let validated=tries=0
 until [ $tries -ge $MAXRETRIES ]
 do
 tries=$[$tries+1]
- certbot-auto certonly --dry-run "${args[@]}" -d "$i" | grep -q 'The dry run was successful.' && break
- exitcode=$?
-
- if [ $tries -eq $MAXRETRIES ]; then
- printf "${RED}Unable to verify domain ownership after ${tries} attempts.${NC}\n"
+ certbot certonly --dry-run "${args[@]}" -d "$i" | grep -q 'The dry run was successful.'
+ if [ $? -eq 0 ]; then
+ validated=1
+ break
 else
- printf "${RED}Unable to verify domain ownership, we try again in ${TIMEOUT} seconds.${NC}\n"
- sleep $TIMEOUT
+ if [ $tries -eq $MAXRETRIES ]; then
+ printf "${RED}Unable to verify domain ownership after ${tries} attempts.${NC}\n"
+ else
+ printf "${RED}Unable to verify domain ownership, we try again in ${TIMEOUT} seconds.${NC}\n"
+ sleep $TIMEOUT
+ fi
 fi
- done
- if [ $exitcode -eq 0 ]; then
+ done
+ echo "Validated is $validated"
+ if [ $validated -eq 1 ]; then
 printf "Domain $i successfully validated\n"
 dom="$dom -d $i"
 fi
 done
-
+
 #only if we have successfully validated at least a single domain we have to continue
 if [ -n "$dom" ]; then
 # check if DOMAINDIRECTORY exists, if it exists use --cert-name to prevent 0001 0002 0003 folders
 if [ -d "$DOMAINDIRECTORY" ]; then
- printf "\nUse certbot-auto certonly %s --cert-name %s\n" "${args[*]}" "${arr[0]}";
- certbot-auto certonly "${args[@]}" --cert-name "${arr[0]}" $dom
+ printf "\nUse certbot certonly %s --cert-name %s\n" "${args[*]}" "${arr[0]}";
+ certbot certonly "${args[@]}" --cert-name "${arr[0]}" $dom
 else
- printf "\nUse certbot-auto certonly %s\n" "${args[*]}";
- certbot-auto certonly "${args[@]}" $dom
+ printf "\nUse certbot certonly %s\n" "${args[*]}";
+ certbot certonly "${args[@]}" $dom
 fi
 fi
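Review bot: The hunk removes `declare -a arr=$cur_domains;` with nothing taking its place, while `DOMAINDIRECTORY="/etc/letsencrypt/live/${arr[0]}"` and `for i in "${arr[@]}"` on the very next lines still read `arr`; unless `arr` is assigned somewhere outside this hunk, every domain list is empty after this change, the dry-run loop body never runs and no `certonly` call is made, so the line should come back as `declare -a arr=$cur_domains;` directly after `cur_domains=${!var};`. The added `echo "Validated is $validated"` reads like a leftover debug trace and is written to the container log for every domain; drop it, or keep the information on the existing `printf "Domain $i successfully validated\n"` path. The new `else` followed by `if [ $tries -eq $MAXRETRIES ]; then` could be written as a single `elif [ $tries -eq $MAXRETRIES ]; then`, which removes one nesting level and one of the added `fi` lines. The `for var` loop that opens on the first hunk line has its `done` outside the hunk.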
diff --git a/renewAndSendToProxy.sh b/renewAndSendToProxy.sh
index e5bb623..34a9410 100644
--- a/renewAndSendToProxy.sh
+++ b/renewAndSendToProxy.sh
@@ -58,9 +58,9 @@ done
 #full path is needed or it is not started when run as cron
-#--no-bootstrap: prevent the certbot-auto script from installing OS-level dependencies
-#--no-self-upgrade: revent the certbot-auto script from upgrading itself to newer released versions
-/root/certbot-auto renew --no-bootstrap --no-self-upgrade > /var/log/dockeroutput.log
+#--no-bootstrap: prevent certbot from installing OS-level dependencies
+#--no-self-upgrade: prevent certbot from upgrading itself to newer released versions
+certbot renew --no-bootstrap --no-self-upgrade > /var/log/dockeroutput.log
 echo $PROXY_ADDRESS | tr ',' '\n' | while read proxy_addr; do
 printf "Docker Flow: Proxy DNS-Name: ${GREEN}$proxy_addr${NC}\n";
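Review bot: The unchanged comment `#full path is needed or it is not started when run as cron` now sits directly above a line that drops the full path and invokes bare `certbot`, so either the comment is stale or the cron environment it warns about will no longer find the binary; use the path the apt package installs (`/usr/bin/certbot renew ...`) or rewrite the comment to say why a bare name is now acceptable. The rewritten comments describe `--no-bootstrap` and `--no-self-upgrade` as things certbot itself does, but as far as I know both are documented by certbot as certbot-auto-only options, so with the apt-installed binary they are at most accepted no-ops and the comments now describe behaviour the program does not have; dropping both flags and their comments is cleaner than keeping them. The redirection captures stdout only, so a failed renewal's diagnostics never reach the log; `certbot renew > /var/log/dockeroutput.log 2>&1` keeps them.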