diff --git a/mbadmin.jps b/mbadmin.jps
index 6b4e30f..7b618d4 100644
--- a/mbadmin.jps
+++ b/mbadmin.jps
@@ -93,29 +93,17 @@ onInstall:
 - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/pma-gateway/create_pma_gateway.sh
 - if [ ! -f create_pma_gateway.sh ]; then echo "Failed to download create_pma_gateway.sh"; exit 1; fi
 - chmod +x *.sh
- # Install Certbot for AlmaLinux with memory constraints
- - echo "Installing Certbot... (this may take a few minutes)"
- - MEMFREE=$(free -m | grep "Mem:" | awk '{print $4}')
- - echo "Available memory: ${MEMFREE}MB"
- - if [ $MEMFREE -lt 500 ]; then
- echo "Low memory detected (${MEMFREE}MB), running dnf with minimal memory usage";
- dnf install -y --setopt=install_weak_deps=False --best --allowerasing certbot || echo "Certbot installation failed but continuing";
+ # Download and install certbot-auto
+ - if [ ! -f /opt/certbot/certbot-auto ]; then
+ echo "Downloading certbot-auto...";
+ mkdir -p /opt/certbot;
+ cd /opt/certbot;
+ wget https://dl.eff.org/certbot-auto;
+ chmod a+x certbot-auto;
+ echo "Running certbot-auto for the first time to install dependencies...";
+ ./certbot-auto --non-interactive --install-only || echo "certbot-auto initial run failed but continuing";
 else
- dnf install -y certbot || echo "Certbot installation failed but continuing";
- fi
- # Only install DNS plugin if certbot was installed successfully
- - if command -v certbot > /dev/null; then
- echo "Installing Certbot DNS plugin...";
- dnf install -y --setopt=install_weak_deps=False python3-certbot-dns-cloudflare || echo "DNS plugin installation failed but continuing";
- else
- echo "Skipping DNS plugin installation as Certbot wasn't installed";
- fi
- # Install Certbot DNS Bunny plugin
- - if command -v certbot > /dev/null; then
- echo "Installing Certbot DNS Bunny plugin...";
- pip install certbot-dns-bunny || echo "Certbot DNS Bunny plugin installation failed but continuing";
- else
- echo "Skipping Certbot DNS Bunny plugin installation as Certbot wasn't installed";
+ echo "certbot-auto is already installed.";
 fi
 menu:
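Review bot: The added `wget https://dl.eff.org/certbot-auto` fetches a script that is then made executable and run during install, with no integrity check and no test that the download succeeded. certbot-auto has also been deprecated upstream and no longer receives updates, so this ties the addon to an unmaintained ACME client. If it stays, verify a pinned digest before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  certbot-auto" | sha256sum -c - || exit 1` (placeholder digest), and delete the file on failure so the `-f` test does not treat a partial download as installed. The `|| echo "... but continuing"` on the bootstrap run also hides a failed install from the installer.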
diff --git a/scripts/ssl-manager/ssl_manager.sh b/scripts/ssl-manager/ssl_manager.sh
index a28de4a..5f5605b 100644
--- a/scripts/ssl-manager/ssl_manager.sh
+++ b/scripts/ssl-manager/ssl_manager.sh
@@ -182,7 +182,7 @@ issue_certificate_dns() {
 local temp_creds_file="/tmp/bunny.ini.$$"
 # Ensure the temporary credentials file is removed on exit
- trap 'sudo rm -f "$temp_creds_file"' RETURN
+ trap 'sudo rm -f "$temp_creds_file"; trap - RETURN' RETURN
 if [[ ! -f "$encoded_creds_file" ]]; then
 log_error "Encoded credentials file not found at '$encoded_creds_file'. The addon may be installed incorrectly."
@@ -200,7 +200,7 @@ issue_certificate_dns() {
 # Extract email from credentials file for the --email flag
 local email
- email=$(grep "dns_bunny_account_email" "$temp_creds_file" | sed 's/.*= *//')
+ email=$(sudo grep "dns_bunny_account_email" "$temp_creds_file" | sed 's/.*= *//')
 if [[ -z "$email" ]]; then
 log_error "dns_bunny_account_email not set in decoded credentials."
@@ -209,11 +209,13 @@ issue_certificate_dns() {
 log "Issuing SSL certificate for domain '$domain' using certbot with DNS challenge..."
- sudo certbot certonly \
+ sudo /opt/certbot/certbot-auto certonly \
+ --non-interactive \
+ --agree-tos \
+ --email "$email" \
 --dns-bunny \
 --dns-bunny-credentials "$temp_creds_file" \
- -d "$domain" \
- --non-interactive --agree-tos --email "$email" || {
+ -d "$domain" || {
 log_error "Failed to issue certificate for '$domain' using certbot DNS challenge."
 SCRIPT_EXIT_STATUS=1; return 1
 }
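Review bot: `temp_creds_file="/tmp/bunny.ini.$$"` is a predictable name in a world-writable directory that ends up holding decoded DNS API credentials, and the trap change in this hunk does not address that. Another local user can pre-create or symlink that name before the file is written; the write itself is outside this hunk, and the `sudo rm` suggests it happens with elevated rights. Prefer `temp_creds_file=$(mktemp /tmp/bunny.ini.XXXXXX) || return 1`, assigned separately from the `local` declaration so the status is not masked. A RETURN trap also does not run if the script exits or is killed inside the function, so an EXIT trap would be needed to guarantee the file is removed.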
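Review bot: The `grep "dns_bunny_account_email"` match is unanchored, so a commented-out or duplicated key line in the credentials file produces a multi-line or wrong value that is then handed to `--email`. Anchoring the key and keeping a single match is safer, e.g. `email=$(sudo sed -n 's/^[[:space:]]*dns_bunny_account_email[[:space:]]*=[[:space:]]*//p' "$temp_creds_file" | head -n 1)`.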
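Review bot: `--dns-bunny` is still passed here, but the mbadmin.jps hunk in this commit drops the `pip install certbot-dns-bunny` step, and certbot-auto runs Certbot from its own virtualenv, so the plugin is probably not loadable and issuance would fail. certbot-auto also tries to upgrade itself on each run unless told otherwise, which means this `sudo` call can fetch and execute new code at issuance time; add `--no-self-upgrade` if the script is kept. Because the installer continues after a failed bootstrap, a guard such as `[[ -x /opt/certbot/certbot-auto ]] || { log_error "certbot-auto not installed"; return 1; }` before the call would give a clearer error. The `|| {` block closes inside the hunk, but the function continues outside it.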