
acme: Update to v1.3.

This version handles transitioning from a previous certificate that was
issued using the staging server, adds more debug logging, and handles
state directories better if issuing fails.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
lilik-openwrt-22.03
Toke Høiland-Jørgensen 8 years ago
parent
commit
5a90e41b30
2 changed files with 38 additions and 5 deletions
  1. +2
    -2
      net/acme/Makefile
  2. +36
    -3
      net/acme/files/run.sh

+ 2
- 2
net/acme/Makefile View File

@ -9,8 +9,8 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=acme
PKG_SOURCE_VERSION:=3c33cdfa3da68000a40b85304821705f0deea951
PKG_VERSION:=1.2
PKG_RELEASE:=2
PKG_VERSION:=1.3
PKG_RELEASE:=1
PKG_LICENSE:=GPLv3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE).tar.xz


+ 36
- 3
net/acme/files/run.sh View File

@ -26,11 +26,18 @@ check_cron()
/etc/init.d/cron start
}
debug()
{
[ "$DEBUG" -eq "1" ] && echo "$@" >&2
}
pre_checks()
{
echo "Running pre checks."
check_cron
[ -d "$STATE_DIR" ] || mkdir -p "$STATE_DIR"
if [ -e /etc/init.d/uhttpd ]; then
UHTTPD_LISTEN_HTTP=$(uci get uhttpd.main.listen_http)
@ -42,6 +49,9 @@ pre_checks()
iptables -I input_rule -p tcp --dport 80 -j ACCEPT || return 1
ip6tables -I input_rule -p tcp --dport 80 -j ACCEPT || return 1
debug "v4 input_rule: $(iptables -nvL input_rule)"
debug "v6 input_rule: $(ip6tables -nvL input_rule)"
debug "port80 listens: $(netstat -ntpl | grep :80)"
return 0
}
@ -71,6 +81,14 @@ int_out()
kill -INT $$
}
is_staging()
{
local main_domain="$1"
grep -q "acme-staging" "$STATE_DIR/$main_domain/${main_domain}.conf"
return $?
}
issue_cert()
{
local section="$1"
@ -81,6 +99,8 @@ issue_cert()
local keylength
local domains
local main_domain
local moved_staging=0
local failed_dir
config_get_bool enabled "$section" enabled 0
config_get_bool use_staging "$section" use_staging
@ -96,8 +116,15 @@ issue_cert()
main_domain=$1
if [ -e "$STATE_DIR/$main_domain" ]; then
$ACME --home "$STATE_DIR" --renew -d "$main_domain" $acme_args || return 1
return 0
if [ "$use_staging" -eq "0" ] && is_staging "$main_domain"; then
echo "Found previous cert issued using staging server. Moving it out of the way."
mv "$STATE_DIR/$main_domain" "$STATE_DIR/$main_domain.staging"
moved_staging=1
else
echo "Found previous cert config. Issuing renew."
$ACME --home "$STATE_DIR" --renew -d "$main_domain" $acme_args || return 1
return 0
fi
fi
@ -108,7 +135,13 @@ issue_cert()
[ "$use_staging" -eq "1" ] && acme_args="$acme_args --staging"
if ! $ACME --home "$STATE_DIR" --issue $acme_args; then
echo "Issuing cert for $main_domain failed. It may be necessary to remove $STATE_DIR/$main_domain to recover." >&2
failed_dir="$STATE_DIR/${main_domain}.failed-$(date +%s)"
echo "Issuing cert for $main_domain failed. Moving state to $failed_dir" >&2
[ -d "$STATE_DIR/$main_domain" ] && mv "$STATE_DIR/$main_domain" "$failed_dir"
if [ "$moved_staging" -eq "1" ]; then
echo "Restoring staging certificate" >&2
mv "$STATE_DIR/${main_domain}.staging" "$STATE_DIR/${main_domain}"
fi
return 1
fi
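Review bot: The staging move in issue_cert, `mv "$STATE_DIR/$main_domain" "$STATE_DIR/$main_domain.staging"`, is not safe to run more than once: if a `.staging` directory is left over from an earlier run, mv nests the current state inside it instead of replacing it, and the restore on the failure path, `mv "$STATE_DIR/${main_domain}.staging" "$STATE_DIR/${main_domain}"`, then reinstates that stale tree. Those two moves and the move into `$failed_dir` also ignore mv's exit status, so a failed move is silently followed by `--issue` or by `return 1` with the state directory in an unknown layout. I would move any existing `.staging` aside first and check the status, `[ -e "$STATE_DIR/$main_domain.staging" ] && mv "$STATE_DIR/$main_domain.staging" "$STATE_DIR/$main_domain.staging-$(date +%s)"` followed by `mv "$STATE_DIR/$main_domain" "$STATE_DIR/$main_domain.staging" || return 1`, and check the status of the two later moves the same way. Separately, `debug()` tests `[ "$DEBUG" -eq "1" ]`, which prints a test error to stderr on every call when DEBUG is unset or empty; `[ "${DEBUG:-0}" -eq 1 ]` avoids that (where DEBUG is set is outside the hunk). issue_cert's body starts and ends outside the shown hunks.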

