Merge pull request #6 from BrunoZell/master

Fix problems with rate limit - updated
This commit is contained in:
Elliot Saba 2018-10-03 11:41:46 +08:00 committed by GitHub
commit af4a499299
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 47 additions and 16 deletions

View File

@ -1,5 +1,5 @@
FROM nginx
MAINTAINER Elliot Saba <staticfloat@gmail.com>
LABEL maintainer="Elliot Saba <staticfloat@gmail.com>, Valder Gallo <valergallo@gmail.com>, Bruno Zell <bruno.zzell@gmail.com>"
VOLUME /etc/letsencrypt
EXPOSE 80

View File

@ -14,27 +14,24 @@ auto_enable_configs
nginx -g "daemon off;" &
export NGINX_PID=$!
# Next, run certbot to request all the ssl certs we can find
/scripts/run_certbot.sh
# Lastly, run startup scripts
for f in /scripts/startup/*.sh; do
if [[ -x "$f" ]]; then
if [ -x "$f" ]; then
echo "Running startup script $f"
$f
fi
done
echo "Done with startup"
# Instead of trying to run `cron` or something like that, just leep and run `certbot`.
# Instead of trying to run `cron` or something like that, just sleep and run `certbot`.
while [ true ]; do
# Sleep for 1 week
sleep 604800 &
SLEEP_PID=$!
# re-run certbot
echo "Run certbot"
/scripts/run_certbot.sh
# Sleep for 1 week
sleep 604810 &
SLEEP_PID=$!
# Wait on sleep so that when we get ctrl-c'ed it kills everything due to our trap
wait "$SLEEP_PID"
done

View File

@ -13,9 +13,15 @@ exit_code=0
set -x
# Loop over every domain we can find
for domain in $(parse_domains); do
if ! get_certificate $domain $CERTBOT_EMAIL; then
error "Cerbot failed for $domain. Check the logs for details."
exit_code=1
if is_renewal_required $domain; then
# Renewal required for this doman.
# Last one happened over a week ago (or never)
if ! get_certificate $domain $CERTBOT_EMAIL; then
error "Cerbot failed for $domain. Check the logs for details."
exit_code=1
fi
else
echo "Not run certbot for $domain; last renewal happened just recently."
fi
done

View File

@ -59,7 +59,35 @@ auto_enable_configs() {
# EMAIL environment variable, to register the proper support email address.
get_certificate() {
echo "Getting certificate for domain $1 on behalf of user $2"
PRODUCTION_URL='https://acme-v01.api.letsencrypt.org/directory'
STAGING_URL='https://acme-staging.api.letsencrypt.org/directory'
if [ "${IS_STAGING}" = "1" ]; then
letsencrypt_url=$STAGING_URL
echo "Staging ..."
else
letsencrypt_url=$PRODUCTION_URL
echo "Production ..."
fi
echo "running certbot ... $letsencrypt_url $1 $2"
certbot certonly --agree-tos --keep -n --text --email $2 --server \
https://acme-v02.api.letsencrypt.org/directory -d $1 --http-01-port 1337 \
--standalone --standalone-supported-challenges http-01 --debug
$letsencrypt_url -d $1 --http-01-port 1337 \
--standalone --preferred-challenges http-01 --debug
}
# Given a domain name, return true if a renewal is required (last renewal
# ran over a week ago or never happened yet), otherwise return false.
is_renewal_required() {
# If the file does not exist assume a renewal is required
last_renewal_file="/etc/letsencrypt/live/$1/privkey.pem"
[ ! -e "$last_renewal_file" ] && return;
# If the file exists, check if the last renewal was more than a week ago
one_week_sec=604800
now_sec=$(date -d now +%s)
last_renewal_sec=$(stat -c %Y "$last_renewal_file")
last_renewal_delta_sec=$(( ($now_sec - $last_renewal_sec) ))
is_finshed_week_sec=$(( ($one_week_sec - $last_renewal_delta_sec) ))
[ $is_finshed_week_sec -lt 0 ]
}