Fix: Changes in Certificate request Lets Encrypt

See: https://community.letsencrypt.org/t/myvesta-hestiacp-vestacp-fail-issuance-with-async-finalization/195923

And https://github.com/hestiacp/hestiacp/pull/3442

Not tested on Vesta CP
❤️
Jaap Marcus 2023-04-06 01:23:10 +02:00 committed by GitHub
commit 4771d2502c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -56,7 +56,7 @@ query_le_v2() {
# Save http response to file passed as "$4" arg or print to stdout if not provided # Save http response to file passed as "$4" arg or print to stdout if not provided
# http response headers are always sent to stdout # http response headers are always sent to stdout
local save_to_file=${4:-"/dev/stdout"} local save_to_file=${4:-"/dev/stdout"}
curl --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file" curl --location --user-agent "MyVestaCP" --insecure --retry 5 --retry-connrefused --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
} }
@ -154,6 +154,8 @@ authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log
finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"') finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log
order=$(echo -e "$answer" | grep -i location | cut -f2 -d \ | tr -d '\r\n')
echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ') status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
if [[ "$status" -ne 201 ]]; then if [[ "$status" -ne 201 ]]; then
@ -324,16 +326,34 @@ if [[ "$status" -ne 200 ]]; then
check_result $E_CONNECT "Let's Encrypt finalize bad status $status" check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
fi fi
if [ "$certificate" = "" ]; then if [ "$certificate" = "" ]; then
echo "[$(date)] : EXIT=Let's Encrypt 'certificate' is empty on step 6" >> /usr/local/vesta/log/letsencrypt.log validation="processing"
check_result $E_CONNECT "Let's Encrypt 'certificate' is empty on step 6" i=1
while [ "$validation" = "processing" ]; do
echo "[$(date)] : --- Polling server waiting for Certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
answer=$(query_le_v2 "$order" "" "$nonce")
i=$((i + 1))
nonce=$(echo "$answer" | grep -i nonce | cut -f2 -d \ | tr -d '\r\n')
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer" | grep HTTP/ | tail -n1 | cut -f 2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"')
echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
certificate=$(echo "$answer" | grep 'certificate":' | cut -f4 -d '"')
echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log
sleep $((i * 2)) # Sleep for 2s, 4s, 6s, 8s
if [ $i -gt 10 ]; then
check_result "$E_CONNECT" "Certificate processing timeout ($domain)"
fi
done
fi fi
if [ "$nonce" = "" ]; then if [ "$nonce" = "" ]; then
echo "[$(date)] : EXIT=Let's Encrypt 'nonce' is empty on step 6" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : EXIT=Let's Encrypt 'nonce' is empty on step 6" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt 'nonce' is empty on step 6" check_result $E_CONNECT "Let's Encrypt 'nonce' is empty on step 6"
fi fi
# Downloading signed certificate / STEP 7 # Downloading signed certificate / STEP 8
echo "[$(date)] : --- Downloading signed certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : --- Downloading signed certificate / STEP 8 ---" >> /usr/local/vesta/log/letsencrypt.log
echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem") answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem")
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
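Review bot: The new curl call in query_le_v2 adds `--insecure`, which turns off TLS certificate verification for every ACME request the function makes, including the one that writes the issued certificate to `$ssl_dir/$domain.pem`. The server's responses (nonces, the order and certificate URLs, the certificate chain) are authenticated only by the TLS channel, so with verification off they can be substituted on the network path without detection, and `--location` will follow redirects to hosts that are likewise unverified. I would drop that one flag and keep the rest: `curl --location --user-agent "MyVestaCP" --retry 5 --retry-connrefused --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"`. Separately, the polling loop replaces the old empty-`$certificate` check, so an order that leaves "processing" without a certificate URL (for example status `invalid`, or a response the grep does not match) appears to fall through to the download step with an empty URL; re-adding `if [ "$certificate" = "" ]; then check_result $E_CONNECT "Let's Encrypt 'certificate' is empty"; fi` after `done` would restore it. The body of query_le_v2 starts outside the first hunk, so this is based only on the visible curl line.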