Fallback to listener cert when PMA certbot unavailable
parent
e59dbc9af0
commit
5dd63f99e7
|
|
@ -116,6 +116,7 @@ NEEDS_RESTART=0
|
|||
LE_LIVE_DIR="/etc/letsencrypt/live"
|
||||
LE_CERT_DIR=""
|
||||
CERT_DOMAIN_USED=""
|
||||
CERT_SOURCE="Let's Encrypt"
|
||||
|
||||
# Find an existing certificate for the first matching candidate.
|
||||
for candidate_host in "${DOMAIN_CANDIDATES[@]}"; do
|
||||
|
|
@ -216,10 +217,8 @@ if [[ -z "$LE_CERT_DIR" ]]; then
|
|||
fi
|
||||
|
||||
if [[ -z "$CERTBOT_CMD" ]]; then
|
||||
echo "FATAL: certbot is not available and no existing Let's Encrypt certificate was found for '$ENV_HOST'." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "WARNING: certbot is unavailable for on-demand issuance. Will try existing listener certificate files as fallback." >&2
|
||||
else
|
||||
WEBROOT_PATH="/var/www/webroot/ROOT"
|
||||
ACME_CHALLENGE_DIR="$WEBROOT_PATH/.well-known/acme-challenge"
|
||||
sudo mkdir -p "$ACME_CHALLENGE_DIR"
|
||||
|
|
@ -247,6 +246,7 @@ if [[ -z "$LE_CERT_DIR" ]]; then
|
|||
fi
|
||||
done
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# Set the final key and cert file paths based on the found directory
|
||||
|
|
@ -254,11 +254,30 @@ if [[ -n "$LE_CERT_DIR" ]]; then
|
|||
LE_KEY_FILE="$LE_CERT_DIR/privkey.pem"
|
||||
LE_CERT_FILE="$LE_CERT_DIR/fullchain.pem"
|
||||
else
|
||||
echo "FATAL: Let's Encrypt certificate directory could not be found for ENV_HOST: $ENV_HOST" >&2
|
||||
echo " Checked candidates: ${DOMAIN_CANDIDATES[*]}" >&2
|
||||
echo " Checked specific path: $LE_LIVE_DIR/$ENV_HOST" >&2
|
||||
echo " Checked suffixed paths: $LE_LIVE_DIR/${ENV_HOST}-*" >&2
|
||||
FALLBACK_KEY_FILE=""
|
||||
FALLBACK_CERT_FILE=""
|
||||
|
||||
if [[ -f "/var/www/ssl/litespeed.key" ]] && [[ -f "/var/www/ssl/litespeed.crt" ]]; then
|
||||
FALLBACK_KEY_FILE="/var/www/ssl/litespeed.key"
|
||||
FALLBACK_CERT_FILE="/var/www/ssl/litespeed.crt"
|
||||
elif [[ -f "/usr/local/lsws/conf/server.key" ]] && [[ -f "/usr/local/lsws/conf/server.crt" ]]; then
|
||||
FALLBACK_KEY_FILE="/usr/local/lsws/conf/server.key"
|
||||
FALLBACK_CERT_FILE="/usr/local/lsws/conf/server.crt"
|
||||
fi
|
||||
|
||||
if [[ -n "$FALLBACK_KEY_FILE" ]] && [[ -n "$FALLBACK_CERT_FILE" ]]; then
|
||||
LE_KEY_FILE="$FALLBACK_KEY_FILE"
|
||||
LE_CERT_FILE="$FALLBACK_CERT_FILE"
|
||||
CERT_SOURCE="Listener fallback"
|
||||
echo "WARNING: No Let's Encrypt certificate available for '$ENV_HOST'. Using existing listener certificate files instead." >&2
|
||||
else
|
||||
echo "FATAL: No usable certificate files were found for PMA gateway TLS." >&2
|
||||
echo " Checked Let's Encrypt candidates: ${DOMAIN_CANDIDATES[*]}" >&2
|
||||
echo " Checked LE exact path: $LE_LIVE_DIR/$ENV_HOST" >&2
|
||||
echo " Checked LE suffixed paths: $LE_LIVE_DIR/${ENV_HOST}-*" >&2
|
||||
echo " Checked listener fallback paths: /var/www/ssl/litespeed.{key,crt}, /usr/local/lsws/conf/server.{key,crt}" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Check if the Let's Encrypt files exist at the determined paths
|
||||
|
|
@ -268,7 +287,8 @@ if [[ ! -f "$LE_KEY_FILE" ]] || [[ ! -f "$LE_CERT_FILE" ]]; then
|
|||
echo " Cert: $LE_CERT_FILE" >&2
|
||||
exit 1
|
||||
fi
|
||||
echo "INFO: Using Let's Encrypt certificate paths:" >&2
|
||||
echo "INFO: Using certificate source: $CERT_SOURCE" >&2
|
||||
echo "INFO: Using certificate paths:" >&2
|
||||
echo " Key: $LE_KEY_FILE" >&2
|
||||
echo " Cert: $LE_CERT_FILE" >&2
|
||||
|
||||
|
|
|
|||
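Review bot: The listener fallback in the fourth hunk (the `if [[ -f "/var/www/ssl/litespeed.key" ]] …` / `elif … server.key …` chain) accepts a key/cert pair on file existence alone, so an expired or mismatched pair, or a default self-signed listener certificate issued for another name, is handed to the PMA gateway with nothing but a WARNING on stderr. Before assigning `LE_KEY_FILE`/`LE_CERT_FILE` from `FALLBACK_*`, the pair should at least be checked for expiry (`openssl x509 -checkend 0`, whose exit status is reliable) and for the key matching the certificate (compare `openssl x509 -pubkey` with `openssl pkey -pubout`); host-name coverage via `-checkhost "$ENV_HOST"` is best logged rather than enforced, because its exit status is not consistent across OpenSSL releases. If those key files are root-only readable the comparison needs the same `sudo` the script already uses for `mkdir`; I cannot tell from the hunk which user runs this block. The `FATAL` message in the `else` branch could also name `$ENV_HOST`, as the Let's Encrypt branch above it does, so the two failure messages are consistent.
```shell
# … unchanged: FALLBACK_KEY_FILE / FALLBACK_CERT_FILE candidate selection …
if [[ -n "$FALLBACK_KEY_FILE" ]] && [[ -n "$FALLBACK_CERT_FILE" ]]; then
  # A listener's default certificate is often self-signed or issued for another
  # name; refuse a pair that is expired or whose key does not belong to the cert.
  if ! openssl x509 -in "$FALLBACK_CERT_FILE" -noout -checkend 0 >/dev/null 2>&1; then
    echo "FATAL: Listener fallback certificate '$FALLBACK_CERT_FILE' is expired or unreadable." >&2
    exit 1
  fi
  cert_pub="$(openssl x509 -in "$FALLBACK_CERT_FILE" -noout -pubkey 2>/dev/null)"
  key_pub="$(openssl pkey -in "$FALLBACK_KEY_FILE" -pubout 2>/dev/null)"
  if [[ -z "$cert_pub" ]] || [[ "$cert_pub" != "$key_pub" ]]; then
    echo "FATAL: Listener fallback key '$FALLBACK_KEY_FILE' does not match certificate '$FALLBACK_CERT_FILE'." >&2
    exit 1
  fi
  # Reported for the log only: -checkhost's exit status is not reliable across OpenSSL versions.
  openssl x509 -in "$FALLBACK_CERT_FILE" -noout -checkhost "$ENV_HOST" >&2
  LE_KEY_FILE="$FALLBACK_KEY_FILE"
  # … unchanged: LE_CERT_FILE / CERT_SOURCE assignment and WARNING …
```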