changeset 2048:59f3a7f3d10b acme-tiny tip

add check for local_https in renewSsl.sh
author Violet7
date Tue, 11 Nov 2025 01:45:02 -0800
parents e0896f65c847
children
files host/renewSsl.sh src/luan/host/https.luan
diffstat 2 files changed, 44 insertions(+), 27 deletions(-) [+]
diff -r e0896f65c847 -r 59f3a7f3d10b host/renewSsl.sh
--- a/host/renewSsl.sh	Sun Nov 09 02:38:09 2025 -0800
+++ b/host/renewSsl.sh	Tue Nov 11 01:45:02 2025 -0800
@@ -1,31 +1,48 @@
 #!/bin/bash
 
+set -e
 cd "$1" || exit 1
+
 ROOTPWD=$(pwd)
-
+KEYFILE="$ROOTPWD/local/tiny_account.key"
 for SITEROOT in "$ROOTPWD"/sites/*; do
-	# Skip if not a directory
-	[ -d "$SITEROOT" ] || continue
+  {
+    # Skip if not a directory
+    [ -d "$SITEROOT" ] || continue
 
-	DOMAIN=$(basename "$SITEROOT")
-	echo "Processing domain: $DOMAIN"
-
-	mkdir -p "$SITEROOT/site/.well-known/acme-challenge"
+    DOMAIN=$(basename "$SITEROOT")
+    CSRFILE="$SITEROOT/$DOMAIN.csr"
+    FULLCHAIN="$SITEROOT/fullchain.cer"
+    CHALLENGEDIR="$SITEROOT/site/.well-known/acme-challenge"
+    TMPOUT="/tmp/$DOMAIN.crt"
+    echo "Processing domain: $DOMAIN"
 
-	python3 "$ROOTPWD/acme_tiny.py" \
-		--account-key "$ROOTPWD/local/tiny_account.key" \
-		--csr "$SITEROOT/$DOMAIN.csr" \
-		--acme-dir "$SITEROOT/site/.well-known/acme-challenge" \
-		> "/tmp/$DOMAIN.crt"
+    # local_https.sh does not create a csr file, assume
+    # it is a self-signed local cert if it doesn't exist
+    if [ ! -f "$CSRFILE" ]; then
+      echo "CSR file not found, assuming self-signed and skipping."
+      continue
+    fi
+
+    mkdir -p "$CHALLENGEDIR"
 
-	# check if exists
-	if [ -f "$SITEROOT/fullchain.cer" ]; then
-		mv "$SITEROOT/fullchain.cer" "$SITEROOT/fullchain.cer.old"
-	fi
+    python3 "$ROOTPWD/acme_tiny.py" \
+      --account-key "$KEYFILE" \
+      --csr "$CSRFILE" \
+      --acme-dir "$CHALLENGEDIR" \
+      > "$TMPOUT"
 
-	mv "/tmp/$DOMAIN.crt" "$SITEROOT/fullchain.cer"
+    # check if exists
+    if [ -f "$FULLCHAIN" ]; then
+      mv $FULLCHAIN "$FULLCHAIN.old"
+    fi
 
-	echo "Renewed certificate for $DOMAIN"
+    mv "$TMPOUT" "$FULLCHAIN"
+
+    echo "Renewed certificate for $DOMAIN"
+  } || {
+    echo "Error processing $SITEROOT — skipping."
+  }
 done
 
 sudo /usr/local/bin/nginx -s reload
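Review bot: The `{ … } || { … }` wrapper around the loop body does not catch a failing acme_tiny run: bash suppresses `set -e` inside the left operand of a `||` list and the group's status is that of its last command (the final `echo`), so a non-zero exit from `python3 "$ROOTPWD/acme_tiny.py"` still falls through to the `mv` lines, renames the valid `fullchain.cer` to `.old` and installs an empty or partial `$TMPOUT` in its place before nginx is reloaded, while the `Error processing` branch is effectively unreachable. Check that call and its output explicitly, e.g. `> "$TMPOUT" || { echo "acme_tiny failed for $DOMAIN, skipping."; continue; }` followed by `[ -s "$TMPOUT" ] || { echo "empty certificate for $DOMAIN, skipping."; continue; }`. `mv $FULLCHAIN "$FULLCHAIN.old"` is the one unquoted expansion in the block and should be `mv "$FULLCHAIN" "$FULLCHAIN.old"` like every other use. `TMPOUT="/tmp/$DOMAIN.crt"` (carried over from the old version) is a predictable path in a shared directory; `TMPOUT=$(mktemp)` or a file under `$ROOTPWD/local` avoids another local user pre-creating or replacing it between the write and the `mv`.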
diff -r e0896f65c847 -r 59f3a7f3d10b src/luan/host/https.luan
--- a/src/luan/host/https.luan	Sun Nov 09 02:38:09 2025 -0800
+++ b/src/luan/host/https.luan	Tue Nov 11 01:45:02 2025 -0800
@@ -40,11 +40,11 @@
 	local dry_run_dir_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
 
 	-- declare these so they are visible in the catch and finally blocks
-  local guard_file = "/tmp/acme_setup_locks/"..domain..".lock"
-  local guard_uri = uri("file:"..guard_file)
-  local temp_dir_string = "/tmp/acme_setup/"..domain
+	local guard_file = "/tmp/acme_setup_locks/"..domain..".lock"
+	local guard_uri = uri("file:"..guard_file)
+	local temp_dir_string = "/tmp/acme_setup/"..domain
 
-	if is_https then	-- https
+	if is_https then -- https
 		if not key_file.exists() then
 			local is_local = ip(domain) == "127.0.0.1"
 			logger.info("is_local "..is_local)
@@ -68,8 +68,8 @@
 					local cmd = "mkdir -p /tmp/acme_setup_locks/"
 					local s = uri("bash:"..cmd).read_text()
 					if guard_uri.exists() then
-							logger.info("set_https already running for "..domain..", skipping")
-							return
+						logger.info("set_https already running for "..domain..", skipping")
+						return
 					end
 
 					-- Clean out old temp files
@@ -145,14 +145,14 @@
 					end
 					local cmd = "rm -rf "..temp_dir_string
 					local s = uri("bash:"..cmd).read_text()
-				end
+				end_try
 
+			end
 				-- We now have our certificate!
 				-- Now we just need to generate the nginx config
 				-- that uses it, place it in luan/host/sites/*/nginx.ssl.conf
 				-- and tell luan-host to reload nginx.
 
-			end
 			if key_file.exists() and local_cer_file.exists() then
 				changed = true
 				-- the nginx config only requires 2 files:
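Review bot: The comment block beginning `-- We now have our certificate!` now follows the `end` the commit moved up, but it keeps the deeper indentation of the block it used to sit inside, so it reads as if it still belongs to the preceding branch; re-indent it to the level of the `if key_file.exists() and local_cer_file.exists() then` that follows, which is the code it describes. The enclosing function starts and ends outside the hunk, so whether the new `end_try` now closes a `try` that the removed `end` previously closed cannot be confirmed from here; if that was a block-nesting error being fixed, the commit title (which mentions only renewSsl.sh) gives no hint of it, and a one-line comment on the `end_try` such as `-- closes the try/catch/finally around the acme setup` would make the structure easier to verify.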
@@ -162,7 +162,7 @@
 				nginx_file.write(nginx)
 			end
 		end
-	else	-- http
+	else -- http
 		if key_file.exists() or nginx_file.exists() then
 			changed = true
 			nginx_file.delete()