diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain index 9d9b7cbe0..7a306ab32 100755 --- a/bin/v-add-letsencrypt-domain +++ b/bin/v-add-letsencrypt-domain @@ -17,6 +17,10 @@ aliases=$3 # LE API API='https://acme-v02.api.letsencrypt.org' +if [[ "$LE_STAGING" = 'yes' ]]; then + API='https://acme-staging-v02.api.letsencrypt.org' +fi + # Includes source $VESTA/func/main.sh source $VESTA/func/domain.sh @@ -56,8 +60,8 @@ query_le_v2() { # Save http response to file passed as "$4" arg or print to stdout if not provided # http response headers are always sent to stdout local save_to_file=${4:-"/dev/stdout"} - curl --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file" -} + curl --location --user-agent "myVesta" --insecure --retry 5 --retry-connrefused --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file" + } @@ -123,7 +127,7 @@ fi # Requesting nonce / STEP 1 echo "[$(date)] : --- Requesting nonce / STEP 1 ---" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : curl -s -I \"$API/directory\"" >> /usr/local/vesta/log/letsencrypt.log -answer=$(curl -s -I "$API/directory") +answer=$(curl --user-agent "myVesta" -s -I "$API/directory") echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log 
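Review bot: The `LE_STAGING` test in the first hunk runs before `source $VESTA/func/main.sh`, and in the matching hunk of bin/v-add-letsencrypt-user before `source $VESTA/conf/vesta.conf`, so a value set in the config is presumably not visible yet and only an inherited environment variable can switch the endpoint. If the switch is meant to be a config option, move the block below the `source` lines in both files. If it is meant to be environment-only, say so with a comment such as `# LE_STAGING=yes (environment only) selects the staging CA; its certificates are not publicly trusted`.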
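Review bot: `--insecure` in the new curl line of query_le_v2 turns off TLS certificate verification for every ACME request made through this function, including the one that writes the issued certificate to `$ssl_dir/$domain.pem`. The signed payload protects the request, but the response (nonce, order and certificate URLs, the certificate itself) is then accepted from whoever answers, and `--location` lets that answer redirect the request elsewhere. Drop `--insecure`, and if redirects are really needed restrict them, e.g. `curl --location --proto-redir =https --user-agent "myVesta" --retry 5 --retry-connrefused --silent ...`. The re-indented closing `}` should also stay at column 0. The function body starts outside the hunk.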
@@ -154,6 +158,8 @@ authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"') echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"') echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log +order=$(echo -e "$answer" | grep -i location | cut -f2 -d \ | tr -d '\r\n') +echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ') echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log if [[ "$status" -ne 201 ]]; then @@ -288,7 +294,7 @@ for auth in $authz; do check_result $E_CONNECT "Let's Encrypt domain validation timeout" fi echo "[$(date)] : curl: $url2 :" >> /usr/local/vesta/log/letsencrypt.log - get_answer=$(curl --silent -S "$url2") + get_answer=$(curl --user-agent "myVesta" --silent -S "$url2") echo "[$(date)] : get_answer=$get_answer" >> /usr/local/vesta/log/letsencrypt.log sleeping=$((i*2)) echo "[$(date)] : sleep $sleeping (i=$i)" >> /usr/local/vesta/log/letsencrypt.log 
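Review bot: The new `order=` line takes every response line that contains "location", case-insensitively, and joins the results through `tr -d '\r\n'`, so a second matching header (plausible now that query_le_v2 follows redirects) or a matching body line would produce a malformed URL that the polling loop later posts to. Anchor the match and keep one value: `order=$(echo "$answer" | grep -i '^location:' | tail -n1 | cut -f2 -d ' ' | tr -d '\r\n')`. This also drops `echo -e`, which expands backslash sequences in server-supplied text and differs from the plain `echo "$answer"` on the neighbouring lines. An empty `$order` is not rejected here, since the check that follows only covers `$status`.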
@@ -323,17 +329,42 @@ if [[ "$status" -ne 200 ]]; then echo "[$(date)] : EXIT=Let's Encrypt finalize bad status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt finalize bad status $status" fi -if [ "$certificate" = "" ]; then - echo "[$(date)] : EXIT=Let's Encrypt 'certificate' is empty on step 6" >> /usr/local/vesta/log/letsencrypt.log - check_result $E_CONNECT "Let's Encrypt 'certificate' is empty on step 6" -fi + if [ "$nonce" = "" ]; then - echo "[$(date)] : EXIT=Let's Encrypt 'nonce' is empty on step 6" >> /usr/local/vesta/log/letsencrypt.log - check_result $E_CONNECT "Let's Encrypt 'nonce' is empty on step 6" + echo "[$(date)] : EXIT=Let's Encrypt 'nonce' is empty after step 6" >> /usr/local/vesta/log/letsencrypt.log + check_result $E_CONNECT "Let's Encrypt 'nonce' is empty after step 6" fi -# Downloading signed certificate / STEP 7 -echo "[$(date)] : --- Downloading signed certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log +if [ "$certificate" = "" ]; then + validation="processing" + i=1 + while [ "$validation" = "processing" ]; do + echo "[$(date)] : --- Polling server waiting for Certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log + answer=$(query_le_v2 "$order" "" "$nonce") + i=$((i + 1)) + + nonce=$(echo "$answer" | grep -i nonce | cut -f2 -d \ | tr -d '\r\n') + echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log + status=$(echo "$answer" | grep HTTP/ | tail -n1 | cut -f 2 -d ' ') + echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log + validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"') + echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log + certificate=$(echo "$answer" | grep 'certificate":' | cut -f4 -d '"') + echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log + sleep $((i * 2)) # Sleep for 2s, 4s, 6s, 8s + if [ $i -gt 10 ]; then + check_result "$E_CONNECT" 
"Certificate processing timeout ($domain)" + fi + done +fi + +if [ "$certificate" = "" ]; then + echo "[$(date)] : EXIT=Let's Encrypt 'certificate' is empty after step 7" >> /usr/local/vesta/log/letsencrypt.log + check_result $E_CONNECT "Let's Encrypt 'certificate' is empty after step 7" +fi + +# Downloading signed certificate / STEP 8 +echo "[$(date)] : --- Downloading signed certificate / STEP 8 ---" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem") echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log diff --git a/bin/v-add-letsencrypt-user b/bin/v-add-letsencrypt-user index 11aec113b..d2338e828 100755 --- a/bin/v-add-letsencrypt-user +++ b/bin/v-add-letsencrypt-user @@ -15,6 +15,10 @@ user=$1 # LE API API='https://acme-v02.api.letsencrypt.org' +if [[ "$LE_STAGING" = 'yes' ]]; then + API='https://acme-staging-v02.api.letsencrypt.org' +fi + # Includes source $VESTA/func/main.sh source $VESTA/conf/vesta.conf @@ -41,7 +45,7 @@ query_le_v2() { post_data=$post_data'"payload":"'"$payload_"'",' post_data=$post_data'"signature":"'"$signature_"'"}' - curl -s -i -d "$post_data" "$1" -H "$content" + curl --user-agent "myVesta" -s -i -d "$post_data" "$1" -H "$content" }
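Review bot: The STEP 7 polling loop extracts `$status` and a fresh `$nonce` on every pass but checks neither, so an HTTP error or a response without a nonce header only surfaces later as the generic "'certificate' is empty after step 7". Add a check inside the loop that mirrors the finalize check above it, e.g. `if [[ "$status" -ne 200 ]]; then check_result $E_CONNECT "Let's Encrypt order poll bad status $status"; fi`. The timeout test also runs after `sleep`, and because `i` is incremented first the waits are 4s, 6s, … rather than the 2s, 4s, … the comment states. Moving the `[ "$i" -gt 10 ]` test ahead of the sleep avoids a final wait of about 22 seconds before the script gives up. check_result is defined outside the hunk, so its exit behaviour is assumed from the surrounding uses.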