letsencrypt: Retry renewal also on failed verify
author
Stefan Huber <shuber@sthu.org>
Fri, 8 Oct 2021 14:56:56 +0000
(16:56 +0200)
committer
Stefan Huber <shuber@sthu.org>
Fri, 8 Oct 2021 14:56:56 +0000
(16:56 +0200)
letsencrypt/renewal.sh
diff --git
a/letsencrypt/renewal.sh
b/letsencrypt/renewal.sh
index 1e2e11e96f44ef86078b8dc7f673323f8c570a66..eb9c9df80857bd255cabb2ff5ca9efa9886c0713 100644
--- a/
letsencrypt/renewal.sh
+++ b/
letsencrypt/renewal.sh
@@
-20,6
+20,8
@@
fi
cd /etc/ssl/letsencrypt
cd /etc/ssl/letsencrypt
+SUCCESS=0
+
# Get a updated certificate.
for i in `seq 1 3`; do
if acme-tiny --account-key account.key --csr domain.csr --acme-dir /var/www/challenges \
# Get a updated certificate.
for i in `seq 1 3`; do
if acme-tiny --account-key account.key --csr domain.csr --acme-dir /var/www/challenges \
@@
-34,6
+36,7
@@
for i in `seq 1 3`; do
mv -f signed_new.crt signed.crt
cat signed.crt chain.pem > fullchain.pem
mv -f signed_new.crt signed.crt
cat signed.crt chain.pem > fullchain.pem
+ SUCCESS=1
echo ""
echo "[Success] Acme tiny successfully renewed certificate." | tee -a ${LOGFILE}
echo ""
echo ""
echo "[Success] Acme tiny successfully renewed certificate." | tee -a ${LOGFILE}
echo ""
@@
-42,17
+45,23
@@
for i in `seq 1 3`; do
for serv in apache nginx dovecot postfix; do
systemctl is-active --quiet ${serv} && systemctl reload ${serv}
done
for serv in apache nginx dovecot postfix; do
systemctl is-active --quiet ${serv} && systemctl reload ${serv}
done
+
+ # No more retries
+ break
else
else
- echo "[Error]
Acme tiny have problems
." | tee -a ${LOGFILE} >&2
+ echo "[Error]
Verification of obtained cert failed
." | tee -a ${LOGFILE} >&2
fi
fi
- break
else
else
- # Sleep for max 9999 seconds, then try again.
- echo "[Notice] Acme tiny retry triggered." | tee -a ${LOGFILE} >&2
- sleep `tr -cd 0-9 < /dev/urandom | head -c 4`
+ # Sleep for max 999 seconds, then try again.
+ sleep `tr -cd 0-9 < /dev/urandom | head -c 3`
fi
done
fi
done
+if [ ${SUCCESS} = 0 ]; then
+ echo "[Error] Reached max number of retry attempts." | tee -a ${LOGFILE} >&2
+fi
+
+
# Stop temp web server and close port 80 if needed.
if [ $PORT80 = 0 ]; then
/usr/sbin/iptables -D INPUT -i venet0 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# Stop temp web server and close port 80 if needed.
if [ $PORT80 = 0 ]; then
/usr/sbin/iptables -D INPUT -i venet0 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
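Review bot: Moving `break` into the verified-success branch makes a failed verification fall straight through the inner `fi` to `done`, so acme-tiny is re-invoked immediately — the random `sleep` lives only in the outer `else` that handles an acme-tiny failure, so the new retry path has no back-off at all against the ACME endpoint and its rate limits. Adding the same delay after the verification error, `sleep \`tr -cd 0-9 < /dev/urandom | head -c 3\`` right below the `echo "[Error] Verification of obtained cert failed."` line (or hoisting the sleep out of the `else` so both failure paths share it), keeps the two retry cases consistent. With the `[Notice] Acme tiny retry triggered.` line dropped, an acme-tiny failure now leaves no entry in `${LOGFILE}` unless acme-tiny's own output is teed into it on the continuation of the `if acme-tiny` line outside this hunk, which is worth confirming since the log is the only record an operator has of how many attempts were burned. The new `if [ ${SUCCESS} = 0 ]` block reports the exhausted retries but does not change the script's exit status; if nothing after this hunk does so either, a cron or timer run will still look successful — consider `exit 1` once port 80 has been closed, or carrying the status in a variable used at the end. The surrounding `for i in` loop body starts outside this hunk.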