From 4771d2502c9f523a5d29bd25211ee443897af849 Mon Sep 17 00:00:00 2001
From: Jaap Marcus <9754650+jaapmarcus@users.noreply.github.com>
Date: Thu, 6 Apr 2023 01:23:10 +0200
Subject: [PATCH 1/7] Fix: Changes in Certificate request Lets Encrypt
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

See: https://community.letsencrypt.org/t/myvesta-hestiacp-vestacp-fail-issuance-with-async-finalization/195923
And https://github.com/hestiacp/hestiacp/pull/3442
Not tested on Vesta CP ❤️
---
 bin/v-add-letsencrypt-domain | 30 +++++++++++++++++++++++++-----
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain
index 9d9b7cbe..c37492b7 100755
--- a/bin/v-add-letsencrypt-domain
+++ b/bin/v-add-letsencrypt-domain
@@ -56,7 +56,7 @@ query_le_v2() {
 # Save http response to file passed as "$4" arg or print to stdout if not provided
 # http response headers are always sent to stdout
 local save_to_file=${4:-"/dev/stdout"}
- curl --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
+ curl --location --user-agent "MyVestaCP" --insecure --retry 5 --retry-connrefused --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
 }
 
 
@@ -154,6 +154,8 @@ authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
 echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log
 finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
 echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log
+order=$(echo -e "$answer" | grep -i location | cut -f2 -d \ | tr -d '\r\n')
+echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log
 status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
 echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
 if [[ "$status" -ne 201 ]]; then
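Review bot: `--insecure` on the new curl line in query_le_v2 switches off certificate verification for every signed request to the ACME endpoint, and nothing in the commit says why it is needed. The JWS only authenticates the request; the nonce, the order and finalize URLs, and the certificate that step 8 writes straight into `$ssl_dir/$domain.pem` through this same function are trusted purely on the TLS connection, so with verification off an on-path party could answer those requests. Drop the flag: `curl --location --user-agent "MyVestaCP" --retry 5 --retry-connrefused --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"`. Two smaller caveats on the same line, going by curl's documented behaviour: `--location` turns the POST into a GET on 301/302/303 unless `--post301`/`--post302`/`--post303` is also given, so a redirect would not resend the JWS, and `--retry` resends the identical signed body whose single-use nonce the server may already have consumed, so a retried request is likely to come back as badNonce rather than succeed.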
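Review bot: The new `order=` line is the only place in this script that uses `echo -e`, so backslash escapes in the response body are rewritten before grep sees it, and `grep -i location` is unanchored and matches that word anywhere in the headers or the JSON body rather than only the `Location:` header; `order=$(echo "$answer" | grep -i '^location:' | cut -f2 -d \ | tr -d '\r\n')` keeps it in line with the neighbouring `nonce=` extraction. `$order` is then used as the poll URL in the later hunk of this patch without ever being checked for emptiness, unlike `$nonce` and `$certificate`, so a missing header turns into a curl call against an empty URL inside the loop; add `if [ "$order" = "" ]; then check_result $E_CONNECT "Let's Encrypt 'order' is empty"; fi` after the log line, mirroring the existing nonce check.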
@@ -324,16 +326,34 @@ if [[ "$status" -ne 200 ]]; then
 check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
 fi
 if [ "$certificate" = "" ]; then
- echo "[$(date)] : EXIT=Let's Encrypt 'certificate' is empty on step 6" >> /usr/local/vesta/log/letsencrypt.log
- check_result $E_CONNECT "Let's Encrypt 'certificate' is empty on step 6"
+ validation="processing"
+ i=1
+ while [ "$validation" = "processing" ]; do
+ echo "[$(date)] : --- Polling server waiting for Certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
+ answer=$(query_le_v2 "$order" "" "$nonce")
+ i=$((i + 1))
+
+ nonce=$(echo "$answer" | grep -i nonce | cut -f2 -d \ | tr -d '\r\n')
+ echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+ status=$(echo "$answer" | grep HTTP/ | tail -n1 | cut -f 2 -d ' ')
+ echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+ validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"')
+ echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
+ certificate=$(echo "$answer" | grep 'certificate":' | cut -f4 -d '"')
+ echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log
+ sleep $((i * 2)) # Sleep for 2s, 4s, 6s, 8s
+ if [ $i -gt 10 ]; then
+ check_result "$E_CONNECT" "Certificate processing timeout ($domain)"
+ fi
+ done
 fi
 if [ "$nonce" = "" ]; then
 echo "[$(date)] : EXIT=Let's Encrypt 'nonce' is empty on step 6" >> /usr/local/vesta/log/letsencrypt.log
 check_result $E_CONNECT "Let's Encrypt 'nonce' is empty on step 6"
 fi
 
-# Downloading signed certificate / STEP 7
-echo "[$(date)] : --- Downloading signed certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
+# Downloading signed certificate / STEP 8
+echo "[$(date)] : --- Downloading signed certificate / STEP 8 ---" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
 answer=$(query_le_v2 
"$certificate" "" "$nonce" "$ssl_dir/$domain.pem") echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log From 2f395f0a5e09c18ac3b75e364964b8ed40777da5 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 6 Apr 2023 09:06:03 +0200 Subject: [PATCH 2/7] Add staging --- bin/v-add-letsencrypt-domain | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain index c37492b7..117d3eff 100755 --- a/bin/v-add-letsencrypt-domain +++ b/bin/v-add-letsencrypt-domain @@ -17,6 +17,10 @@ aliases=$3 # LE API API='https://acme-v02.api.letsencrypt.org' +if [[ "$LE_STAGING" = 'yes' ]]; then + LE_API='https://acme-staging-v02.api.letsencrypt.org' +fi + # Includes source $VESTA/func/main.sh source $VESTA/func/domain.sh From f50a785fffcfd1cdd1e8c94bf0af38207d24a763 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 6 Apr 2023 09:10:50 +0200 Subject: [PATCH 3/7] Changing user-agent in v-add-letsencrypt-domain --- bin/v-add-letsencrypt-domain | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain index 117d3eff..305589e6 100755 --- a/bin/v-add-letsencrypt-domain +++ b/bin/v-add-letsencrypt-domain @@ -60,8 +60,8 @@ query_le_v2() { # Save http response to file passed as "$4" arg or print to stdout if not provided # http response headers are always sent to stdout local save_to_file=${4:-"/dev/stdout"} - curl --location --user-agent "MyVestaCP" --insecure --retry 5 --retry-connrefused --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file" -} + curl --location --user-agent "myVesta" --insecure --retry 5 --retry-connrefused --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file" + } 
@@ -127,7 +127,7 @@ fi
 # Requesting nonce / STEP 1
 echo "[$(date)] : --- Requesting nonce / STEP 1 ---" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : curl -s -I \"$API/directory\"" >> /usr/local/vesta/log/letsencrypt.log
-answer=$(curl -s -I "$API/directory")
+answer=$(curl --user-agent "myVesta" -s -I "$API/directory")
 echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
 nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
 echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
@@ -294,7 +294,7 @@ for auth in $authz; do
 check_result $E_CONNECT "Let's Encrypt domain validation timeout"
 fi
 echo "[$(date)] : curl: $url2 :" >> /usr/local/vesta/log/letsencrypt.log
- get_answer=$(curl --silent -S "$url2")
+ get_answer=$(curl --user-agent "myVesta" --silent -S "$url2")
 echo "[$(date)] : get_answer=$get_answer" >> /usr/local/vesta/log/letsencrypt.log
 sleeping=$((i*2))
 echo "[$(date)] : sleep $sleeping (i=$i)" >> /usr/local/vesta/log/letsencrypt.log
From a18ee316a220265faf5d0cb329fee2c5b6c13b92 Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Thu, 6 Apr 2023 09:56:18 +0200
Subject: [PATCH 4/7] $LE_API to $API

---
 bin/v-add-letsencrypt-domain | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain
index 305589e6..457557f0 100755
--- a/bin/v-add-letsencrypt-domain
+++ b/bin/v-add-letsencrypt-domain
@@ -18,7 +18,7 @@ aliases=$3
 API='https://acme-v02.api.letsencrypt.org'
 if [[ "$LE_STAGING" = 'yes' ]]; then
- LE_API='https://acme-staging-v02.api.letsencrypt.org'
+ API='https://acme-staging-v02.api.letsencrypt.org'
 fi
 
 
 # Includes
From 1056cd624bc8319e1bc51de674a7a9da50329bf1 Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Thu, 6 Apr 2023 10:00:57 +0200
Subject: [PATCH 5/7] Adding LE_STAGING to v-add-letsencrypt-user

---
 bin/v-add-letsencrypt-user | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/bin/v-add-letsencrypt-user b/bin/v-add-letsencrypt-user
index 11aec113..9c7181c0 100755
--- a/bin/v-add-letsencrypt-user
+++ b/bin/v-add-letsencrypt-user
@@ -15,6 +15,10 @@ user=$1
 # LE API
 API='https://acme-v02.api.letsencrypt.org'
+if [[ "$LE_STAGING" = 'yes' ]]; then
+ API='https://acme-staging-v02.api.letsencrypt.org'
+fi
+
 
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
From fbf1d3390a97da4dfd2f0619644b3f0ad52e58ea Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Thu, 6 Apr 2023 10:24:54 +0200
Subject: [PATCH 6/7] Checking for $nonce before step 7, and check for $certificate after step 7

---
 bin/v-add-letsencrypt-domain | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain
index 457557f0..7a306ab3 100755
--- a/bin/v-add-letsencrypt-domain
+++ b/bin/v-add-letsencrypt-domain
@@ -329,6 +329,12 @@ if [[ "$status" -ne 200 ]]; then
 echo "[$(date)] : EXIT=Let's Encrypt finalize bad status $status" >> /usr/local/vesta/log/letsencrypt.log
 check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
 fi
+
+if [ "$nonce" = "" ]; then
+ echo "[$(date)] : EXIT=Let's Encrypt 'nonce' is empty after step 6" >> /usr/local/vesta/log/letsencrypt.log
+ check_result $E_CONNECT "Let's Encrypt 'nonce' is empty after step 6"
+fi
+
 if [ "$certificate" = "" ]; then
 validation="processing"
 i=1
@@ -351,9 +357,10 @@ if [ "$certificate" = "" ]; then
 fi
 done
 fi
-if [ "$nonce" = "" ]; then
- echo "[$(date)] : EXIT=Let's Encrypt 'nonce' is empty on step 6" >> /usr/local/vesta/log/letsencrypt.log
- check_result $E_CONNECT "Let's Encrypt 'nonce' is empty on step 6"
+
+if [ "$certificate" = "" ]; then
+ echo "[$(date)] : EXIT=Let's Encrypt 'certificate' is empty after step 7" >> /usr/local/vesta/log/letsencrypt.log
+ check_result $E_CONNECT "Let's Encrypt 'certificate' is empty after step 7"
 fi
 
 # Downloading signed certificate / STEP 8
From b21efb09b6ca5441f157597ae6ef146df95782c2 Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Thu, 6 Apr 2023 10:28:44 +0200
Subject: [PATCH 7/7] Adding user-agent in v-add-letsencrypt-user

---
 bin/v-add-letsencrypt-user | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/v-add-letsencrypt-user b/bin/v-add-letsencrypt-user
index 9c7181c0..d2338e82 100755
--- a/bin/v-add-letsencrypt-user
+++ b/bin/v-add-letsencrypt-user
@@ -45,7 +45,7 @@ query_le_v2() {
 post_data=$post_data'"payload":"'"$payload_"'",'
 post_data=$post_data'"signature":"'"$signature_"'"}'
 
- curl -s -i -d "$post_data" "$1" -H "$content"
+ curl --user-agent "myVesta" -s -i -d "$post_data" "$1" -H "$content"
 }
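Review bot: Dropping the post-loop `nonce` check in this hunk leaves the nonce that step 8 sends unverified: the check added earlier in this commit runs before the polling loop, but every iteration of that loop (its body lies above this hunk) overwrites `nonce` from the poll response, so a poll reply without a Replay-Nonce header lets step 8 go out with an empty nonce, and whatever the server answers is written by that call straight into `$ssl_dir/$domain.pem`. Keep a check after the loop as well, for example by retaining the three removed lines next to the new `certificate` check with their message changed to `'nonce' is empty after step 7`, or validate `$nonce` inside the loop immediately after it is extracted.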