From e59dbc9af0cfc1acc642dcf0ace2887ab3c3172a Mon Sep 17 00:00:00 2001
From: Anthony
Date: Thu, 26 Feb 2026 21:52:22 +0800
Subject: [PATCH] Harden PMA certbot fallback when package install fails
---
 scripts/pma-gateway/create_pma_gateway.sh | 55 ++++++++++++++++++++---
 1 file changed, 48 insertions(+), 7 deletions(-)
diff --git a/scripts/pma-gateway/create_pma_gateway.sh b/scripts/pma-gateway/create_pma_gateway.sh
index bb00d7c..0a310dd 100644
--- a/scripts/pma-gateway/create_pma_gateway.sh
+++ b/scripts/pma-gateway/create_pma_gateway.sh
@@ -152,25 +152,66 @@ if [[ -z "$LE_CERT_DIR" ]]; then
 CERTBOT_CMD=""
 if command -v certbot >/dev/null 2>&1; then
 CERTBOT_CMD="certbot"
- elif [[ -x "/opt/certbot/certbot-auto" ]]; then
- CERTBOT_CMD="/opt/certbot/certbot-auto"
+ else
+ # On some images certbot exists but is not in PATH for non-login shells.
+ for certbot_path in /usr/bin/certbot /usr/local/bin/certbot /snap/bin/certbot; do
+ if [[ -x "$certbot_path" ]]; then
+ CERTBOT_CMD="$certbot_path"
+ break
+ fi
+ done
+ fi
+
+ if [[ -z "$CERTBOT_CMD" ]] && [[ -f "/opt/certbot/certbot-auto" ]]; then
+ sudo chmod a+x /opt/certbot/certbot-auto >/dev/null 2>&1 || true
+ if [[ -x "/opt/certbot/certbot-auto" ]]; then
+ CERTBOT_CMD="/opt/certbot/certbot-auto"
+ fi
 fi
 if [[ -z "$CERTBOT_CMD" ]]; then
- echo "WARNING: certbot is not available. Attempting to install certbot..." >&2
+ echo "WARNING: certbot is not available. Attempting to bootstrap certbot-auto..." >&2
+ sudo mkdir -p /opt/certbot >/dev/null 2>&1 || true
+ if command -v curl >/dev/null 2>&1; then
+ sudo curl -fsSL https://dl.eff.org/certbot-auto -o /opt/certbot/certbot-auto >/dev/null 2>&1 || true
+ elif command -v wget >/dev/null 2>&1; then
+ sudo wget -q -O /opt/certbot/certbot-auto https://dl.eff.org/certbot-auto >/dev/null 2>&1 || true
+ fi
+ sudo chmod a+x /opt/certbot/certbot-auto >/dev/null 2>&1 || true
+
+ if [[ -x "/opt/certbot/certbot-auto" ]]; then
+ CERTBOT_CMD="/opt/certbot/certbot-auto"
+ fi
+ fi
+
+ if [[ -z "$CERTBOT_CMD" ]]; then
+ echo "WARNING: certbot/certbot-auto is still unavailable. Attempting package manager install..." >&2
 if command -v dnf >/dev/null 2>&1; then
- sudo dnf install -y --setopt=install_weak_deps=False certbot >/dev/null 2>&1 || true
+ if ! sudo dnf install -y --setopt=install_weak_deps=False certbot >/dev/null 2>&1; then
+ echo "WARNING: dnf failed to install certbot (possibly resource constrained)." >&2
+ fi
 elif command -v yum >/dev/null 2>&1; then
- sudo yum install -y certbot >/dev/null 2>&1 || true
+ if ! sudo yum install -y certbot >/dev/null 2>&1; then
+ echo "WARNING: yum failed to install certbot." >&2
+ fi
 elif command -v apt-get >/dev/null 2>&1; then
 sudo apt-get update -qq >/dev/null 2>&1 || true
- sudo apt-get install -y certbot >/dev/null 2>&1 || true
+ if ! sudo apt-get install -y certbot >/dev/null 2>&1; then
+ echo "WARNING: apt-get failed to install certbot." >&2
+ fi
 fi
 if command -v certbot >/dev/null 2>&1; then
 CERTBOT_CMD="certbot"
 elif [[ -x "/opt/certbot/certbot-auto" ]]; then
 CERTBOT_CMD="/opt/certbot/certbot-auto"
+ else
+ for certbot_path in /usr/bin/certbot /usr/local/bin/certbot /snap/bin/certbot; do
+ if [[ -x "$certbot_path" ]]; then
+ CERTBOT_CMD="$certbot_path"
+ break
+ fi
+ done
 fi
 fi
@@ -385,7 +426,7 @@ fi
 sudo tee "$GATEWAY_FILE" >/dev/null <<'PHP'
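Review bot: The new bootstrap block in the first hunk fetches `https://dl.eff.org/certbot-auto` with `sudo curl`/`sudo wget` straight into `/opt/certbot/certbot-auto`, marks it `a+x` and selects it as `CERTBOT_CMD` without any integrity check, and it does so before the distro package is even tried. Because every step ends in `>/dev/null 2>&1 || true`, an interrupted `wget -O` leaves a truncated or empty file that still passes the `[[ -x ... ]]` test; the earlier `[[ -f ... ]]` block has the same weakness, since it makes whatever file already sits at that path executable. certbot-auto is also deprecated upstream, so I would try the package manager first and keep this path only as a last resort, downloading unprivileged to a temp file and installing it only if it matches a pinned SHA-256 (`CERTBOT_AUTO_SHA256` below stands for a digest you pin near the top of the script). The enclosing `if [[ -z "$LE_CERT_DIR" ]]; then` starts and ends outside this hunk.

```shell
  if [[ -z "$CERTBOT_CMD" ]]; then
    echo "WARNING: certbot is not available. Attempting to bootstrap certbot-auto..." >&2
    # Download unprivileged into a private temp file, never directly into /opt.
    certbot_tmp="$(mktemp)" || certbot_tmp=""
    if [[ -n "$certbot_tmp" ]]; then
      if command -v curl >/dev/null 2>&1; then
        curl -fsSL https://dl.eff.org/certbot-auto -o "$certbot_tmp" >/dev/null 2>&1 || true
      elif command -v wget >/dev/null 2>&1; then
        wget -q -O "$certbot_tmp" https://dl.eff.org/certbot-auto >/dev/null 2>&1 || true
      fi
      # Install only a complete download that matches the pinned digest.
      if printf '%s  %s\n' "$CERTBOT_AUTO_SHA256" "$certbot_tmp" | sha256sum -c - >/dev/null 2>&1; then
        sudo install -D -m 0755 -o root -g root "$certbot_tmp" /opt/certbot/certbot-auto
      else
        echo "WARNING: certbot-auto download failed or did not match the pinned digest." >&2
      fi
      rm -f -- "$certbot_tmp"
    fi
    # … unchanged: set CERTBOT_CMD when /opt/certbot/certbot-auto is executable …
```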