From fbf4daac7c8801eca53a0299ff0047272a2649ac Mon Sep 17 00:00:00 2001
From: Rob Pearce
Date: Fri, 20 Sep 2024 10:43:03 +1000
Subject: [PATCH] Remove extraneous deploy causing confusing log messages about not needing cert deployment. When using -A, correctly show summary of deployed certs and restarted services
---
 lehook.sh | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/lehook.sh b/lehook.sh
index 73fea0a..d23170d 100755
--- a/lehook.sh
+++ b/lehook.sh
@@ -157,7 +157,7 @@ function checkcert() {
 else
 rsum=$(echo "$rsum" | awk '{ print $1 }')
 if [[ $lsum == $rsum ]]; then
- [[ $quiet -ne 1 ]] && echo "Ok"
+ [[ $quiet -ne 1 ]] && echo "Ok [$rsum]"
 else
 [[ $quiet -ne 1 ]] && echo "Needs updating [$lsum vs $rsum]"
 rv=1
@@ -192,7 +192,7 @@ while getopts "$ARGS" i; do
 c)
 cronmode=1
- recurseargs="$recurseargs -c"
+ recurseargs="$recurseargs -$i"
 ;;
 h)
 usage;
@@ -289,6 +289,7 @@ function dodeploy() {
 local nok nfail okservs failservs s
 certdirs=""
 for d in $domains; do
+ [[ $d == -* ]] && continue; # Just in case we somehow catch arguments
 thisone=$certbase/$d
 if [[ -d $thisone ]]; then
 certdirs="$certdirs $thisone"
@@ -325,7 +326,7 @@ function dodeploy() {
 if [[ $force -eq 1 ]]; then
 needupdate=1
 else
- out "* Checking existing certs"
+ out "* Checking existing certs for $domain on $r"
 needupdate=0
 checkcert "Certificate" $r $local_cert_sum $dest_cert/fullchain.pem || needupdate=1
 if [[ $needupdate -eq 0 ]]; then
@@ -385,7 +386,7 @@ function dodeploy() {
 fi
 if [[ $quiet -eq 0 || $cronmode -eq 1 ]]; then
 if [[ ! -z $newcerts ]]; then
- echo -n "Refreshed these SSL certs on '$r': $newcerts (restarted $okservs"
+ echo -n "Refreshed these SSL certs on '$r': $newcerts (restarted${okservs}"
 if [[ $nfail -ge 1 ]]; then
 echo ", FAILED to restart $failservs)"
 else
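Review bot: The new guard in dodeploy's `for d in $domains` loop silently drops any entry that starts with `-`, and its own comment says the cause is not understood; the likely cause is word-splitting of the unquoted `$domains`, so a stray option reaching this loop is better reported than hidden. Because `$d` is joined straight into `thisone=$certbase/$d` on the next line, the same check is also the natural place to reject entries that are not plain lineage names, e.g. `[[ $d == -* || $d == */* || $d == *..* ]] && { out "Skipping suspicious domain entry '$d'"; continue; }` (the script's `out` helper is used in the hunk at line 325). dodeploy's body continues outside the hunk on both sides.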
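Review bot: The new message in dodeploy interpolates `$domain`, but the only domain loop visible in this function (the `for d in $domains` loop in the hunk at line 289) binds `d`; unless `domain` is assigned somewhere in the lines between the two hunks, this will print `Checking existing certs for  on <host>` with an empty name. Worth confirming against the enclosing loop; if `d` is the intended variable the line becomes `out "* Checking existing certs for $d on $r"`. dodeploy's body continues outside the hunk on both sides.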
@@ -487,12 +488,14 @@ if [[ $mode == "generate" ]]; then
 elif [[ $mode == "renew" ]]; then
 rv=0
 extraargs=""
+ deployargs=""
 renewed=0
 [[ $force -eq 1 ]] && extraargs="$extraargs --force-renewal"
+ [[ $alsodeploy -eq 1 ]] && deployargs="--deploy-hook $DIR/lehook-deploy.sh"
 cp -f /dev/null /tmp/lh-renew
 for this in $domains; do
 [[ $verbose -eq 1 ]] && echo "Will run: certbot renew -n --manual --preferred-challenges=dns --email $email --agree-tos --manual-auth-hook $DIR/lehook-pre.sh --manual-cleanup-hook $DIR/lehook-post.sh --deploy-hook $DIR/lehook-deploy.sh $extraargs --cert-name ${this} 2>&1" | tee -a /tmp/lh-renew
- res=$(certbot renew -n --manual --preferred-challenges=dns --email $email --agree-tos --manual-auth-hook $DIR/lehook-pre.sh --manual-cleanup-hook $DIR/lehook-post.sh --deploy-hook $DIR/lehook-deploy.sh $extraargs --cert-name ${this} 2>&1 | tee -a /tmp/lh-renew)
+ res=$(certbot renew -n --manual --preferred-challenges=dns --email $email --agree-tos --manual-auth-hook $DIR/lehook-pre.sh --manual-cleanup-hook $DIR/lehook-post.sh $deployargs $extraargs --cert-name ${this} 2>&1 | tee -a /tmp/lh-renew)
 rv=$((rv + $?))
 [[ $verbose -eq 1 ]] && echo "$res"
 if [[ "$res" =~ "not due for" ]]; then
@@ -505,16 +508,22 @@ elif [[ $mode == "renew" ]]; then
 if [[ $quiet -eq 0 || $cronmode -eq 1 ]]; then
 exp=$(certbot certificates --cert-name $this 2>&1 | grep Expiry | sed -e 's/^.*Date: //')
 echo "$this has been renewed. New expiry: $exp"
+
+ if [[ $alsodeploy -eq 1 ]]; then
+ # Show which certs were deployed
+ grep "^Refreshed" <<< "$res" | sed 's/^Refreshed/Deployed/'
+ fi
 fi
 else
 echo "Error renewing $this. Certbot output:"
 echo "$res"
 fi
 done
- if [[ $rv -eq 0 && $alsodeploy -eq 1 && $renewed -gt 0 ]]; then
- dodeploy
- rv=$?
- fi
+ # Not required - depooy is done via --deploy-hook
+ #if [[ $rv -eq 0 && $alsodeploy -eq 1 && $renewed -gt 0 ]]; then
+ # dodeploy
+ # rv=$?
+ #fi
 elif [[ $mode == "test" ]]; then
 nowdate="$(date +%s)"
 echo "== Test mode."
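Review bot: The `--deploy-hook` argument is now conditional in the new `res=$(certbot renew …)` line, but the unchanged `Will run:` line printed under `-v` just above it still lists `--deploy-hook $DIR/lehook-deploy.sh` unconditionally, so the verbose log no longer shows the command that actually runs when `-A` is not given; that fragment should become `$deployargs` too. `deployargs` is deliberately expanded unquoted so it splits into two words, which breaks if `$DIR` contains whitespace; a two-element array (`deployargs=(--deploy-hook "$DIR/lehook-deploy.sh")`, expanded as `"${deployargs[@]}"`) carries the same optional pair without relying on word-splitting. Note also that the status folded into `rv` on the following line is that of the `tee` stage, not certbot, unless `set -o pipefail` is in effect earlier in the file, which this hunk does not show.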
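Review bot: The replaced `dodeploy` call at the end of the renew branch is kept as a commented-out block rather than deleted; the commit message already records why it is unnecessary and git history keeps the code, so the dead block (and the `depooy` typo in its comment) should go, or the comment at least read `# Not required - deploy is done via --deploy-hook`. With the call gone, `renewed` is no longer read anywhere visible in this hunk or the previous one; if nothing outside them uses it, that counter can be dropped as well. The new `grep "^Refreshed" <<< "$res" | sed 's/^Refreshed/Deployed/'` report is coupled to the exact `Refreshed these SSL certs on …` message emitted in dodeploy (hunk at line 385, presumably reached via lehook-deploy.sh), so a one-line comment such as `# matches the "Refreshed these SSL certs on ..." line printed by dodeploy` would warn the next person who rewords that message that this summary depends on it.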