Browse Source

fix: [letsencrypt] certificate renewal error upon ``crt create`` with ``http`` auth method

The renewal was not properly anticipated, and port 80 was not exposed as
a consequence, leading to a failure to renew the certificate.
framadate
Valentin Lab 6 years ago
parent
commit
365511be93
  1. 2
      letsencrypt/hooks/dc-pre-run
  2. 8
      letsencrypt/lib/common

2
letsencrypt/hooks/dc-pre-run

@ -59,7 +59,7 @@ if ! challenge_type=$(printf "%s" "$service_def" | shyaml get-value "options.cha
fi fi
config+=$(echo -en "\n CHALLENGE_TYPE: $challenge_type") config+=$(echo -en "\n CHALLENGE_TYPE: $challenge_type")
if will_need_http_access ;then
if will_need_http_access; then
while read container_id; do while read container_id; do
info "Attempting to clear port 80 by stopping $container_id" info "Attempting to clear port 80 by stopping $container_id"
docker stop -t 5 "$container_id" docker stop -t 5 "$container_id"

8
letsencrypt/lib/common

@ -25,7 +25,7 @@ yaml_opt_bash_env_ignore_first_level() {
will_need_http_access() { will_need_http_access() {
local domains args_domains
local domains args_domains remaining
[ "$challenge_type" == "http" ] || return 1 [ "$challenge_type" == "http" ] || return 1
[ "${remainder_args[0]}" == "crt" ] || return 1 [ "${remainder_args[0]}" == "crt" ] || return 1
[ "${remainder_args[1]}" == "create" ] || return 1 [ "${remainder_args[1]}" == "create" ] || return 1
@ -40,5 +40,9 @@ will_need_http_access() {
args_domains=$(printf "%s " ${remainder_args[*]:2} | tr " " "\n" | sort) args_domains=$(printf "%s " ${remainder_args[*]:2} | tr " " "\n" | sort)
info domains: "$domains" info domains: "$domains"
info args_domain: "$args_domains" info args_domain: "$args_domains"
[ "$domains" != "$args_domains" ]
remaining=$(printf "%s" "$out" | shyaml get-value remaining) || return 0
## XXXvlab: not using the variables to decide number of max days remaining
## for asking new certificate
[ "$domains" != "$args_domains" ] || [ "$remaining" -lt 30 ]
} }
Loading…
Cancel
Save