ISTI-ansible-roles
/
ansible-roles
4
0
Fork 3
Code Issues Pull Requests Releases Wiki Activity

Try to fix a problem with acme.sh when we ask for a certificate for the first time.

This commit is contained in:
Andrea Dell'Amico 2019-10-29 13:01:36 +01:00
parent 6bd05fe9cc
commit 1c0a42cdd8
2 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
library/roles/letsencrypt-acme-sh-client/files/acme-sh-request-cert
View File

@ -13,10 +13,26 @@ else
fi
RETVAL=
if [ ! -f "$ACME_SH_CONFIG_HOME/ok_certificate_issued" ] ; then
# First request. Try to shut down all the services running on port 80
if [ -x /bin/systemctl ] ; then
/bin/systemctl stop nginx >/dev/null 2>&1
/bin/systemctl stop apache2 >/dev/null 2>&1
/bin/systemctl stop httpd >/dev/null 2>&1
else
service nginx stop
service apache2 stop
service httpd stop
fi
$ACME_SH_BIN $ACME_SH_FIRST_CERT_REQUEST > "$ACME_SH_ISSUE_LOG_FILE" 2>&1
RETVAL=$?
fi
$ACME_SH_BIN $ACME_SH_ISSUE_CERT_REQUEST > "$ACME_SH_ISSUE_LOG_FILE" 2>&1
RETVAL=$?
if [ $RETVAL -ne 0 ] ; then
if [ $RETVAL -eq 0 ] ; then
touch "$ACME_SH_CONFIG_HOME/ok_certificate_issued"
fi

6
library/roles/letsencrypt-acme-sh-client/templates/acme_sh_request_env.j2
View File

@ -39,9 +39,15 @@ ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST --test"
ACME_SH_ISSUE_CERT_DOMAINS="{% for dom in letsencrypt_acme_sh_domains %} -d {{ dom.domain }} {% if dom.dns_provider is defined %} --dns {{ dom.dns_provider }} {% if dom.dns_alias_challenge is defined %} --challenge-alias {{ dom.dns_alias_challenge }} {% endif %} {% endif %} {% if dom.standalone is defined %} --standalone --httpport {{ letsencrypt_acme_standalone_port }} {% endif %} {% endfor %}"
ACME_SH_FIRST_REQUEST_CERT_DOMAINS="{% for dom in letsencrypt_acme_sh_domains %} -d {{ dom.domain }} {% if dom.dns_provider is defined %} --dns {{ dom.dns_provider }} {% if dom.dns_alias_challenge is defined %} --challenge-alias {{ dom.dns_alias_challenge }} {% endif %} {% endif %} {% if dom.standalone is defined %} --standalone --httpport 80 {% endif %} {% endfor %}"
# The complete command line to issue a certificate
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST $ACME_SH_ISSUE_CERT_DOMAINS"
# The complete command line to issue a certificate. The first time we have to use port 80 when not using the dns protocol
ACME_SH_FIRST_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST $ACME_SH_FIRST_REQUEST_CERT_DOMAINS"
#
# Certificate install options
#