Working SSL Cert

mbadmin.jps

@@ -93,29 +93,17 @@ onInstall:
         - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/pma-gateway/create_pma_gateway.sh
         - if [ ! -f create_pma_gateway.sh ]; then echo "Failed to download create_pma_gateway.sh"; exit 1; fi
         - chmod +x *.sh
-        # Install Certbot for AlmaLinux with memory constraints
+        # Download and install certbot-auto
-        - echo "Installing Certbot... (this may take a few minutes)"
+        - if [ ! -f /opt/certbot/certbot-auto ]; then
-        - MEMFREE=$(free -m | grep "Mem:" | awk '{print $4}')
+            echo "Downloading certbot-auto...";
-        - echo "Available memory: ${MEMFREE}MB"
+            mkdir -p /opt/certbot;
-        - if [ $MEMFREE -lt 500 ]; then
+            cd /opt/certbot;
-            echo "Low memory detected (${MEMFREE}MB), running dnf with minimal memory usage";
+            wget https://dl.eff.org/certbot-auto;
-            dnf install -y --setopt=install_weak_deps=False --best --allowerasing certbot || echo "Certbot installation failed but continuing";
+            chmod a+x certbot-auto;
+            echo "Running certbot-auto for the first time to install dependencies...";
+            ./certbot-auto --non-interactive --install-only || echo "certbot-auto initial run failed but continuing";
           else
-            dnf install -y certbot || echo "Certbot installation failed but continuing";
+            echo "certbot-auto is already installed.";
-          fi
-        # Only install DNS plugin if certbot was installed successfully
-        - if command -v certbot > /dev/null; then
-            echo "Installing Certbot DNS plugin...";
-            dnf install -y --setopt=install_weak_deps=False python3-certbot-dns-cloudflare || echo "DNS plugin installation failed but continuing";
-          else
-            echo "Skipping DNS plugin installation as Certbot wasn't installed";
-          fi
-        # Install Certbot DNS Bunny plugin
-        - if command -v certbot > /dev/null; then
-            echo "Installing Certbot DNS Bunny plugin...";
-            pip install certbot-dns-bunny || echo "Certbot DNS Bunny plugin installation failed but continuing";
-          else
-            echo "Skipping Certbot DNS Bunny plugin installation as Certbot wasn't installed";
           fi
 
 menu:

scripts/ssl-manager/ssl_manager.sh

@@ -182,7 +182,7 @@ issue_certificate_dns() {
     local temp_creds_file="/tmp/bunny.ini.$$"
 
     # Ensure the temporary credentials file is removed on exit
-    trap 'sudo rm -f "$temp_creds_file"' RETURN
+    trap 'sudo rm -f "$temp_creds_file"; trap - RETURN' RETURN
 
     if [[ ! -f "$encoded_creds_file" ]]; then
         log_error "Encoded credentials file not found at '$encoded_creds_file'. The addon may be installed incorrectly."
@@ -200,7 +200,7 @@ issue_certificate_dns() {
 
     # Extract email from credentials file for the --email flag
     local email
-    email=$(grep "dns_bunny_account_email" "$temp_creds_file" | sed 's/.*= *//')
+    email=$(sudo grep "dns_bunny_account_email" "$temp_creds_file" | sed 's/.*= *//')
 
     if [[ -z "$email" ]]; then
         log_error "dns_bunny_account_email not set in decoded credentials."
@@ -209,11 +209,13 @@ issue_certificate_dns() {
 
     log "Issuing SSL certificate for domain '$domain' using certbot with DNS challenge..."
     
-    sudo certbot certonly \
+    sudo /opt/certbot/certbot-auto certonly \
+        --non-interactive \
+        --agree-tos \
+        --email "$email" \
         --dns-bunny \
         --dns-bunny-credentials "$temp_creds_file" \
-        -d "$domain" \
+        -d "$domain" || {
-        --non-interactive --agree-tos --email "$email" || {
         log_error "Failed to issue certificate for '$domain' using certbot DNS challenge."
         SCRIPT_EXIT_STATUS=1; return 1
     }