From 1c0a42cdd85ba3c00850eb6d88e728ca0d834fc6 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Tue, 29 Oct 2019 13:01:36 +0100
Subject: [PATCH] Try to fix a problem with acme.sh when we ask for a certificate for the first time.
---
 .../files/acme-sh-request-cert | 18 +++++++++++++++++-
 .../templates/acme_sh_request_env.j2 | 6 ++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/library/roles/letsencrypt-acme-sh-client/files/acme-sh-request-cert b/library/roles/letsencrypt-acme-sh-client/files/acme-sh-request-cert
index b50458fb..f37ae25a 100644
--- a/library/roles/letsencrypt-acme-sh-client/files/acme-sh-request-cert
+++ b/library/roles/letsencrypt-acme-sh-client/files/acme-sh-request-cert
@@ -13,10 +13,26 @@ else
 fi
 RETVAL=
+if [ ! -f "$ACME_SH_CONFIG_HOME/ok_certificate_issued" ] ; then
+ # First request. Try to shut down all the services running on port 80
+ if [ -x /bin/systemctl ] ; then
+ /bin/systemctl stop nginx >/dev/null 2>&1
+ /bin/systemctl stop apache2 >/dev/null 2>&1
+ /bin/systemctl stop httpd >/dev/null 2>&1
+ else
+ service nginx stop
+ service apache2 stop
+ service httpd stop
+ fi
+ $ACME_SH_BIN $ACME_SH_FIRST_CERT_REQUEST > "$ACME_SH_ISSUE_LOG_FILE" 2>&1
+ RETVAL=$?
+
+fi
+
 $ACME_SH_BIN $ACME_SH_ISSUE_CERT_REQUEST > "$ACME_SH_ISSUE_LOG_FILE" 2>&1
 RETVAL=$?
-if [ $RETVAL -ne 0 ] ; then
+if [ $RETVAL -eq 0 ] ; then
 touch "$ACME_SH_CONFIG_HOME/ok_certificate_issued"
 fi
diff --git a/library/roles/letsencrypt-acme-sh-client/templates/acme_sh_request_env.j2 b/library/roles/letsencrypt-acme-sh-client/templates/acme_sh_request_env.j2
index 0869eb71..2d178e3d 100644
--- a/library/roles/letsencrypt-acme-sh-client/templates/acme_sh_request_env.j2
+++ b/library/roles/letsencrypt-acme-sh-client/templates/acme_sh_request_env.j2
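Review bot: The result of the first request is discarded: the `RETVAL=$?` after `$ACME_SH_BIN $ACME_SH_FIRST_CERT_REQUEST` is overwritten by the unconditional regular request that follows the new `fi`, and that request's `> "$ACME_SH_ISSUE_LOG_FILE"` truncates the first request's log, so a failed bootstrap leaves no trace and its status never reaches the `ok_certificate_issued` check. Moving the existing `$ACME_SH_BIN $ACME_SH_ISSUE_CERT_REQUEST > "$ACME_SH_ISSUE_LOG_FILE" 2>&1` and `RETVAL=$?` lines into an `else` branch of the new `if` makes one run perform one request whose status is the one recorded. The services stopped to free port 80 are not started again anywhere in this hunk; if the rest of the script (outside the hunk, as is the conditional that the opening `fi` closes) does not restart them, every run before the marker exists leaves the web server down, and because a failing first request never creates the marker, a misconfiguration repeats that outage on each invocation — a comment stating where the restart happens, or a restart in this block, would make that visible. The `service` branch also differs from the `systemctl` branch in not silencing output; either align them or comment why.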
@@ -39,9 +39,15 @@ ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST --test"
 ACME_SH_ISSUE_CERT_DOMAINS="{% for dom in letsencrypt_acme_sh_domains %} -d {{ dom.domain }} {% if dom.dns_provider is defined %} --dns {{ dom.dns_provider }} {% if dom.dns_alias_challenge is defined %} --challenge-alias {{ dom.dns_alias_challenge }} {% endif %} {% endif %} {% if dom.standalone is defined %} --standalone --httpport {{ letsencrypt_acme_standalone_port }} {% endif %} {% endfor %}"
+ACME_SH_FIRST_REQUEST_CERT_DOMAINS="{% for dom in letsencrypt_acme_sh_domains %} -d {{ dom.domain }} {% if dom.dns_provider is defined %} --dns {{ dom.dns_provider }} {% if dom.dns_alias_challenge is defined %} --challenge-alias {{ dom.dns_alias_challenge }} {% endif %} {% endif %} {% if dom.standalone is defined %} --standalone --httpport 80 {% endif %} {% endfor %}"
+
 # The complete command line to issue a certificate
 ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST $ACME_SH_ISSUE_CERT_DOMAINS"
+# The complete command line to issue a certificate. The first time we have to use port 80 when not using the dns protocol
+ACME_SH_FIRST_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST $ACME_SH_FIRST_REQUEST_CERT_DOMAINS"
+
+
 #
 # Certificate install options
 #
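Review bot: `ACME_SH_FIRST_CERT_REQUEST` is built from `$ACME_SH_ISSUE_CERT_REQUEST` after the context line that has already appended `$ACME_SH_ISSUE_CERT_DOMAINS` to it, so the first-request command line carries both domain lists: every `-d` twice and, for standalone domains, both `--httpport {{ letsencrypt_acme_standalone_port }}` and `--httpport 80`. The new assignment belongs before that line, i.e. `ACME_SH_FIRST_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST $ACME_SH_FIRST_REQUEST_CERT_DOMAINS"` followed by `ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST $ACME_SH_ISSUE_CERT_DOMAINS"`. The `ACME_SH_FIRST_REQUEST_CERT_DOMAINS` line repeats the entire Jinja loop of the line above it to change one token; a single loop with the port as a parameter, or at least a comment on the first of the two lines saying they must be kept in sync, would keep them from drifting apart. The new comment is also imprecise, since the template only switches the port where `dom.standalone is defined`; `# The first request uses port 80 for standalone domains; dns-validated domains are unchanged` states what the line does.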