Merge pull request #157 from jaapmarcus/fix-update-certificate-changess

Fix: Changes in Certificate request Lets Encrypt

bin/v-add-letsencrypt-domain

@@ -17,6 +17,10 @@ aliases=$3
 # LE API
 API='https://acme-v02.api.letsencrypt.org'
 
+if [[ "$LE_STAGING" = 'yes' ]]; then
+	API='https://acme-staging-v02.api.letsencrypt.org'
+fi
+
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/func/domain.sh
@@ -56,7 +60,7 @@ query_le_v2() {
     # Save http response to file passed as "$4" arg or print to stdout if not provided
     # http response headers are always sent to stdout
     local save_to_file=${4:-"/dev/stdout"}
-    curl --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
+    curl --location --user-agent "myVesta" --insecure --retry 5 --retry-connrefused --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
  }
 
 
@@ -123,7 +127,7 @@ fi
 # Requesting nonce / STEP 1
 echo "[$(date)] : --- Requesting nonce / STEP 1 ---" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : curl -s -I \"$API/directory\"" >> /usr/local/vesta/log/letsencrypt.log
-answer=$(curl -s -I "$API/directory")
+answer=$(curl --user-agent "myVesta" -s -I "$API/directory")
 echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
 nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
 echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
@@ -154,6 +158,8 @@ authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
 echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log
 finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
 echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log
+order=$(echo -e "$answer" | grep -i location | cut -f2 -d \  | tr -d '\r\n')
+echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log
 status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
 echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
 if [[ "$status" -ne 201 ]]; then
@@ -288,7 +294,7 @@ for auth in $authz; do
             check_result $E_CONNECT "Let's Encrypt domain validation timeout"
         fi
         echo "[$(date)] : curl: $url2 :" >> /usr/local/vesta/log/letsencrypt.log
-        get_answer=$(curl --silent -S "$url2")
+        get_answer=$(curl --user-agent "myVesta" --silent -S "$url2")
         echo "[$(date)] : get_answer=$get_answer" >> /usr/local/vesta/log/letsencrypt.log
         sleeping=$((i*2))
         echo "[$(date)] : sleep $sleeping (i=$i)" >> /usr/local/vesta/log/letsencrypt.log
@@ -323,17 +329,42 @@ if [[ "$status" -ne 200 ]]; then
     echo "[$(date)] : EXIT=Let's Encrypt finalize bad status $status" >> /usr/local/vesta/log/letsencrypt.log
     check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
 fi
-if [ "$certificate" = "" ]; then
-    echo "[$(date)] : EXIT=Let's Encrypt 'certificate' is empty on step 6" >> /usr/local/vesta/log/letsencrypt.log
-    check_result $E_CONNECT "Let's Encrypt 'certificate' is empty on step 6"
-fi
+
 if [ "$nonce" = "" ]; then
-    echo "[$(date)] : EXIT=Let's Encrypt 'nonce' is empty on step 6" >> /usr/local/vesta/log/letsencrypt.log
-    check_result $E_CONNECT "Let's Encrypt 'nonce' is empty on step 6"
+    echo "[$(date)] : EXIT=Let's Encrypt 'nonce' is empty after step 6" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt 'nonce' is empty after step 6"
 fi
 
-# Downloading signed certificate / STEP 7
-echo "[$(date)] : --- Downloading signed certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
+if [ "$certificate" = "" ]; then
+    validation="processing"
+	i=1
+	while [ "$validation" = "processing" ]; do
+        echo "[$(date)] : --- Polling server waiting for Certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
+		answer=$(query_le_v2 "$order" "" "$nonce")
+		i=$((i + 1))
+
+		nonce=$(echo "$answer" | grep -i nonce | cut -f2 -d \  | tr -d '\r\n')
+        echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+		status=$(echo "$answer" | grep HTTP/ | tail -n1 | cut -f 2 -d ' ')
+        echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+		validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"')
+        echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
+		certificate=$(echo "$answer" | grep 'certificate":' | cut -f4 -d '"')
+        echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log
+		sleep $((i * 2)) # Sleep for 2s, 4s, 6s, 8s
+		if [ $i -gt 10 ]; then
+			check_result "$E_CONNECT" "Certificate processing timeout ($domain)"
+		fi
+	done
+fi
+
+if [ "$certificate" = "" ]; then
+    echo "[$(date)] : EXIT=Let's Encrypt 'certificate' is empty after step 7" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt 'certificate' is empty after step 7"
+fi
+
+# Downloading signed certificate / STEP 8
+echo "[$(date)] : --- Downloading signed certificate / STEP 8 ---" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
 answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem")
 echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log

bin/v-add-letsencrypt-user

@@ -15,6 +15,10 @@ user=$1
 # LE API
 API='https://acme-v02.api.letsencrypt.org'
 
+if [[ "$LE_STAGING" = 'yes' ]]; then
+	API='https://acme-staging-v02.api.letsencrypt.org'
+fi
+
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
@@ -41,7 +45,7 @@ query_le_v2() {
     post_data=$post_data'"payload":"'"$payload_"'",'
     post_data=$post_data'"signature":"'"$signature_"'"}'
 
-    curl -s -i -d "$post_data" "$1" -H "$content"
+    curl --user-agent "myVesta" -s -i -d "$post_data" "$1" -H "$content"
 }