Merge pull request #6 from BrunoZell/master
Fix problems with rate limit - updated
This commit is contained in:
commit
af4a499299
|
@ -1,5 +1,5 @@
|
|||
FROM nginx
|
||||
MAINTAINER Elliot Saba <staticfloat@gmail.com>
|
||||
LABEL maintainer="Elliot Saba <staticfloat@gmail.com>, Valder Gallo <valergallo@gmail.com>, Bruno Zell <bruno.zzell@gmail.com>"
|
||||
|
||||
VOLUME /etc/letsencrypt
|
||||
EXPOSE 80
|
||||
|
|
|
@ -14,27 +14,24 @@ auto_enable_configs
|
|||
nginx -g "daemon off;" &
|
||||
export NGINX_PID=$!
|
||||
|
||||
# Next, run certbot to request all the ssl certs we can find
|
||||
/scripts/run_certbot.sh
|
||||
|
||||
# Lastly, run startup scripts
|
||||
for f in /scripts/startup/*.sh; do
|
||||
if [[ -x "$f" ]]; then
|
||||
if [ -x "$f" ]; then
|
||||
echo "Running startup script $f"
|
||||
$f
|
||||
fi
|
||||
done
|
||||
echo "Done with startup"
|
||||
|
||||
# Instead of trying to run `cron` or something like that, just leep and run `certbot`.
|
||||
# Instead of trying to run `cron` or something like that, just sleep and run `certbot`.
|
||||
while [ true ]; do
|
||||
# Sleep for 1 week
|
||||
sleep 604800 &
|
||||
SLEEP_PID=$!
|
||||
|
||||
# re-run certbot
|
||||
echo "Run certbot"
|
||||
/scripts/run_certbot.sh
|
||||
|
||||
# Sleep for 1 week
|
||||
sleep 604810 &
|
||||
SLEEP_PID=$!
|
||||
|
||||
# Wait on sleep so that when we get ctrl-c'ed it kills everything due to our trap
|
||||
wait "$SLEEP_PID"
|
||||
done
|
||||
|
|
|
@ -13,10 +13,16 @@ exit_code=0
|
|||
set -x
|
||||
# Loop over every domain we can find
|
||||
for domain in $(parse_domains); do
|
||||
if is_renewal_required $domain; then
|
||||
# Renewal required for this doman.
|
||||
# Last one happened over a week ago (or never)
|
||||
if ! get_certificate $domain $CERTBOT_EMAIL; then
|
||||
error "Cerbot failed for $domain. Check the logs for details."
|
||||
exit_code=1
|
||||
fi
|
||||
else
|
||||
echo "Not run certbot for $domain; last renewal happened just recently."
|
||||
fi
|
||||
done
|
||||
|
||||
# After trying to get all our certificates, auto enable any configs that we
|
||||
|
|
|
@ -59,7 +59,35 @@ auto_enable_configs() {
|
|||
# EMAIL environment variable, to register the proper support email address.
|
||||
get_certificate() {
|
||||
echo "Getting certificate for domain $1 on behalf of user $2"
|
||||
PRODUCTION_URL='https://acme-v01.api.letsencrypt.org/directory'
|
||||
STAGING_URL='https://acme-staging.api.letsencrypt.org/directory'
|
||||
|
||||
if [ "${IS_STAGING}" = "1" ]; then
|
||||
letsencrypt_url=$STAGING_URL
|
||||
echo "Staging ..."
|
||||
else
|
||||
letsencrypt_url=$PRODUCTION_URL
|
||||
echo "Production ..."
|
||||
fi
|
||||
|
||||
echo "running certbot ... $letsencrypt_url $1 $2"
|
||||
certbot certonly --agree-tos --keep -n --text --email $2 --server \
|
||||
https://acme-v02.api.letsencrypt.org/directory -d $1 --http-01-port 1337 \
|
||||
--standalone --standalone-supported-challenges http-01 --debug
|
||||
$letsencrypt_url -d $1 --http-01-port 1337 \
|
||||
--standalone --preferred-challenges http-01 --debug
|
||||
}
|
||||
|
||||
# Given a domain name, return true if a renewal is required (last renewal
|
||||
# ran over a week ago or never happened yet), otherwise return false.
|
||||
is_renewal_required() {
|
||||
# If the file does not exist assume a renewal is required
|
||||
last_renewal_file="/etc/letsencrypt/live/$1/privkey.pem"
|
||||
[ ! -e "$last_renewal_file" ] && return;
|
||||
|
||||
# If the file exists, check if the last renewal was more than a week ago
|
||||
one_week_sec=604800
|
||||
now_sec=$(date -d now +%s)
|
||||
last_renewal_sec=$(stat -c %Y "$last_renewal_file")
|
||||
last_renewal_delta_sec=$(( ($now_sec - $last_renewal_sec) ))
|
||||
is_finshed_week_sec=$(( ($one_week_sec - $last_renewal_delta_sec) ))
|
||||
[ $is_finshed_week_sec -lt 0 ]
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue