changeset 2048:59f3a7f3d10b acme-tiny tip
add check for local_https in renewSsl.sh
| author | Violet7 |
|---|---|
| date | Tue, 11 Nov 2025 01:45:02 -0800 |
| parents | e0896f65c847 |
| children | |
| files | host/renewSsl.sh src/luan/host/https.luan |
| diffstat | 2 files changed, 44 insertions(+), 27 deletions(-) [+] |
--- a/host/renewSsl.sh Sun Nov 09 02:38:09 2025 -0800 +++ b/host/renewSsl.sh Tue Nov 11 01:45:02 2025 -0800 @@ -1,31 +1,48 @@ #!/bin/bash +set -e cd "$1" || exit 1 + ROOTPWD=$(pwd) - +KEYFILE="$ROOTPWD/local/tiny_account.key" for SITEROOT in "$ROOTPWD"/sites/*; do - # Skip if not a directory - [ -d "$SITEROOT" ] || continue + { + # Skip if not a directory + [ -d "$SITEROOT" ] || continue - DOMAIN=$(basename "$SITEROOT") - echo "Processing domain: $DOMAIN" - - mkdir -p "$SITEROOT/site/.well-known/acme-challenge" + DOMAIN=$(basename "$SITEROOT") + CSRFILE="$SITEROOT/$DOMAIN.csr" + FULLCHAIN="$SITEROOT/fullchain.cer" + CHALLENGEDIR="$SITEROOT/site/.well-known/acme-challenge" + TMPOUT="/tmp/$DOMAIN.crt" + echo "Processing domain: $DOMAIN" - python3 "$ROOTPWD/acme_tiny.py" \ - --account-key "$ROOTPWD/local/tiny_account.key" \ - --csr "$SITEROOT/$DOMAIN.csr" \ - --acme-dir "$SITEROOT/site/.well-known/acme-challenge" \ - > "/tmp/$DOMAIN.crt" + # local_https.sh does not create a csr file, assume + # it is a self-signed local cert if it doesn't exist + if [ ! -f "$CSRFILE" ]; then + echo "CSR file not found, assuming self-signed and skipping." + continue + fi + + mkdir -p "$CHALLENGEDIR" - # check if exists - if [ -f "$SITEROOT/fullchain.cer" ]; then - mv "$SITEROOT/fullchain.cer" "$SITEROOT/fullchain.cer.old" - fi + python3 "$ROOTPWD/acme_tiny.py" \ + --account-key "$KEYFILE" \ + --csr "$CSRFILE" \ + --acme-dir "$CHALLENGEDIR" \ + > "$TMPOUT" - mv "/tmp/$DOMAIN.crt" "$SITEROOT/fullchain.cer" + # check if exists + if [ -f "$FULLCHAIN" ]; then + mv $FULLCHAIN "$FULLCHAIN.old" + fi - echo "Renewed certificate for $DOMAIN" + mv "$TMPOUT" "$FULLCHAIN" + + echo "Renewed certificate for $DOMAIN" + } || { + echo "Error processing $SITEROOT — skipping." + } done sudo /usr/local/bin/nginx -s reload
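Review bot: The new `set -e` has no effect inside the `{ … } || { … }` group, because bash ignores errexit for commands on the left-hand side of `||`. If `acme_tiny.py` fails, the loop still renames the current `fullchain.cer` to `.old` and moves an empty or partial `$TMPOUT` into place before nginx is reloaded. The error branch effectively never runs, since the group's status is that of the final `echo`. Make the python3 step an explicit conditional and swap the certificate only after it succeeds with non-empty output, as sketched below. Two smaller points in the same hunk: `mv $FULLCHAIN "$FULLCHAIN.old"` lost its quotes, and `TMPOUT="/tmp/$DOMAIN.crt"` is a predictable name in a world-writable directory, so creating it with `mktemp` would be safer.

```shell
  # … unchanged: loop header, directory check, variable setup, CSR check, mkdir …

  # Test the issuance step explicitly; errexit cannot be relied on here.
  if ! python3 "$ROOTPWD/acme_tiny.py" \
      --account-key "$KEYFILE" \
      --csr "$CSRFILE" \
      --acme-dir "$CHALLENGEDIR" \
      > "$TMPOUT" || [ ! -s "$TMPOUT" ]; then
    echo "Error processing $SITEROOT — skipping." >&2
    rm -f -- "$TMPOUT"
    continue
  fi

  # Only touch the live certificate once a new one is in hand.
  if [ -f "$FULLCHAIN" ]; then
    mv -- "$FULLCHAIN" "$FULLCHAIN.old"
  fi
  mv -- "$TMPOUT" "$FULLCHAIN"

  # … unchanged: "Renewed certificate" message …
```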
--- a/src/luan/host/https.luan Sun Nov 09 02:38:09 2025 -0800 +++ b/src/luan/host/https.luan Tue Nov 11 01:45:02 2025 -0800 @@ -40,11 +40,11 @@ local dry_run_dir_url = "https://acme-staging-v02.api.letsencrypt.org/directory" -- declare these so they are visible in the catch and finally blocks - local guard_file = "/tmp/acme_setup_locks/"..domain..".lock" - local guard_uri = uri("file:"..guard_file) - local temp_dir_string = "/tmp/acme_setup/"..domain + local guard_file = "/tmp/acme_setup_locks/"..domain..".lock" + local guard_uri = uri("file:"..guard_file) + local temp_dir_string = "/tmp/acme_setup/"..domain - if is_https then -- https + if is_https then -- https if not key_file.exists() then local is_local = ip(domain) == "127.0.0.1" logger.info("is_local "..is_local) @@ -68,8 +68,8 @@ local cmd = "mkdir -p /tmp/acme_setup_locks/" local s = uri("bash:"..cmd).read_text() if guard_uri.exists() then - logger.info("set_https already running for "..domain..", skipping") - return + logger.info("set_https already running for "..domain..", skipping") + return end -- Clean out old temp files @@ -145,14 +145,14 @@ end local cmd = "rm -rf "..temp_dir_string local s = uri("bash:"..cmd).read_text() - end + end_try + end -- We now have our certificate! -- Now we just need to generate the nginx config -- that uses it, place it in luan/host/sites/*/nginx.ssl.conf -- and tell luan-host to reload nginx. - end if key_file.exists() and local_cer_file.exists() then changed = true -- the nginx config only requires 2 files: @@ -162,7 +162,7 @@ nginx_file.write(nginx) end end - else -- http + else -- http if key_file.exists() or nginx_file.exists() then changed = true nginx_file.delete()
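Review bot: The cleanup just before the new `end_try` (hunk `@@ -145,14 +145,14 @@`) builds a shell command by concatenation, `local cmd = "rm -rf "..temp_dir_string`, and runs it through `uri("bash:"..cmd)`. `temp_dir_string` is `"/tmp/acme_setup/"..domain` from the first hunk, so any shell metacharacter or `..` segment in `domain` becomes part of an `rm -rf` command line. Whether `domain` is validated before this point is not visible in these hunks; if it is not, reject anything that is not a plain hostname before the paths are built, and quote the argument in the command. The lock path `guard_file` is built from `domain` in the same way and sits at a predictable location under `/tmp`. The enclosing function begins and ends outside the hunks shown.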
