From 365511be934b5bd80604c59ddd1a43590d078aa7 Mon Sep 17 00:00:00 2001 From: Valentin Lab Date: Tue, 22 Jan 2019 15:38:55 +0100 Subject: [PATCH] fix: [letsencrypt] certificate renewal error upon ``crt create`` with ``http`` auth method The renewal was not properly anticipated, and port 80 was not exposed as a consequence, leading to a failure to renew the certificate. --- letsencrypt/hooks/dc-pre-run | 2 +- letsencrypt/lib/common | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/letsencrypt/hooks/dc-pre-run b/letsencrypt/hooks/dc-pre-run index 7721754..2fa5e71 100755 --- a/letsencrypt/hooks/dc-pre-run +++ b/letsencrypt/hooks/dc-pre-run @@ -59,7 +59,7 @@ if ! challenge_type=$(printf "%s" "$service_def" | shyaml get-value "options.cha fi config+=$(echo -en "\n CHALLENGE_TYPE: $challenge_type") -if will_need_http_access ;then +if will_need_http_access; then while read container_id; do info "Attempting to clear port 80 by stopping $container_id" docker stop -t 5 "$container_id" diff --git a/letsencrypt/lib/common b/letsencrypt/lib/common index 2a01777..76bed4f 100644 --- a/letsencrypt/lib/common +++ b/letsencrypt/lib/common @@ -25,7 +25,7 @@ yaml_opt_bash_env_ignore_first_level() { will_need_http_access() { - local domains args_domains + local domains args_domains remaining [ "$challenge_type" == "http" ] || return 1 [ "${remainder_args[0]}" == "crt" ] || return 1 [ "${remainder_args[1]}" == "create" ] || return 1 @@ -40,5 +40,9 @@ will_need_http_access() { args_domains=$(printf "%s " ${remainder_args[*]:2} | tr " " "\n" | sort) info domains: "$domains" info args_domain: "$args_domains" - [ "$domains" != "$args_domains" ] + remaining=$(printf "%s" "$out" | shyaml get-value remaining) || return 0 + ## XXXvlab: not using the variables to decide number of max days remaining + ## for asking new certificate + [ "$domains" != "$args_domains" ] || [ "$remaining" -lt 30 ] + } \ No newline at end of file
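Review bot: The new `[ "$remaining" -lt 30 ]` test at the end of `will_need_http_access` (last hunk of `letsencrypt/lib/common`) is not guarded against an empty or non-numeric `remaining`. In that case `[` fails with an "integer expression expected" error, so when the domain lists match the function returns false and port 80 stays occupied, which is the renewal failure this commit sets out to prevent. That is the opposite of the line above it, which returns 0 (assume HTTP access is needed) when `shyaml` cannot read the key. A guard such as `case "$remaining" in ''|*[!0-9-]*) return 0 ;; esac` before the comparison would make both failure paths behave the same way. Because a true result makes `dc-pre-run` stop whichever container holds port 80, the hard-coded 30 should also carry a comment saying it must not be lower than the threshold the renewal step really uses; `out` is assigned outside this hunk, so what `remaining` can contain is not confirmed from here.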