diff --git a/scripts/generate-ssl-cert.sh b/scripts/generate-ssl-cert.sh index 69b7272b..14317c4f 100644 --- a/scripts/generate-ssl-cert.sh +++ b/scripts/generate-ssl-cert.sh @@ -4,6 +4,7 @@ LOG_FILE=$DIR/var/log/letsencrypt/letsencrypt.log-$(date '+%s') KEYS_DIR="$DIR/var/lib/jelastic/keys/" SETTINGS="$DIR/opt/letsencrypt/settings" DOMAIN_SEP=" -d " +TOO_MANY_FAILED_AUTH=23 GENERAL_RESULT_ERROR=21 TOO_MANY_CERTS=22 WRONG_WEBROOT_ERROR=25 @@ -63,7 +64,7 @@ do [[ -z $domain ]] && break; LOG_FILE=$LOG_FILE"-"$counter - resp=$($DIR/opt/letsencrypt/acme.sh --issue $params $test_params --listen-v6 --domain $domain --nocron -f --log-level 2 --log $LOG_FILE 2>&1) + resp=$($DIR/opt/letsencrypt/acme.sh --issue $params $test_params --listen-v6 --domain $domain --nocron -f --log-level 2 --server letsencrypt --log $LOG_FILE 2>&1) grep -q 'Cert success' $LOG_FILE && grep -q "BEGIN CERTIFICATE" $LOG_FILE && result_code=0 || result_code=$GENERAL_RESULT_ERROR @@ -86,6 +87,14 @@ do invalid_domain=$(echo $error | sed -rn 's/Cannot issue for \\\"(.*)\\\":.*/\1/p') } + [[ -z $error ]] && { + error=$(sed -rn 's/.*(Error creating new order \:\:) (too many failed authorizations recently.*)\",/\2/p' $LOG_FILE | sed '$!d'); + [[ ! -z $error ]] && { + rate_limit_auth_exceeded=true; + break; + } + } + [[ -z $error ]] && { error=$(sed -rn 's/.*(Error creating new order \:\: )(.*)\"\,/\2/p' $LOG_FILE | sed '$!d'); [[ ! -z $error ]] && { @@ -132,6 +141,7 @@ fi [[ $timed_out == true ]] && exit $TIME_OUT_ERROR; [[ $rate_limit_exceeded == true ]] && { echo "$error"; exit $TOO_MANY_CERTS; } [[ $result_code != "0" ]] && { echo "$all_invalid_domains_errors"; exit $GENERAL_RESULT_ERROR; } +[[ $rate_limit_auth_exceeded == true ]] && { echo "$error"; exit $TOO_MANY_FAILED_AUTH; } #To be sure that r/w access mkdir -p /tmp/ diff --git a/scripts/ssl-manager.js b/scripts/ssl-manager.js index 49bbd67f..f650cc35 100644 --- a/scripts/ssl-manager.js +++ b/scripts/ssl-manager.js 
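Review bot: In the `@@ -63,7 +64,7 @@` hunk of scripts/generate-ssl-cert.sh, `--server letsencrypt` is now passed unconditionally, right next to `$test_params`. The value of `$test_params` is set outside this hunk; if it carries acme.sh's staging switch, confirm that the explicit server does not take precedence and send test runs to the production CA, where they would count against the rate limits this commit starts reporting. Choosing the server in one place would make the intent explicit, for example `server=letsencrypt; [[ -n $test_params ]] && server=letsencrypt_test` followed by `--server $server`, assuming a non-empty `$test_params` means a staging run.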
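Review bot: In the `@@ -86,6 +87,14 @@` hunk, the new "too many failed authorizations" block depends on running before the generic `Error creating new order` block that follows it, and nothing records that. Both blocks are guarded by `[[ -z $error ]]` and the generic pattern's `(.*)` would capture the same log line, so a later reorder would change which branch handles it. A comment above the new block, such as `# Keep ahead of the generic "Error creating new order" match below, which also matches this message`, would protect the ordering. In the same lines, `$LOG_FILE` is unquoted in the new `sed` call and `[[ ! -z $error ]]` reads more directly as `[[ -n $error ]]`. The enclosing loop starts and ends outside the hunk.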
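Review bot: In the `@@ -132,6 +141,7 @@` hunk, the new `rate_limit_auth_exceeded` check is placed after the `result_code` check, so it looks unreachable in the case it is meant for. The loop sets `result_code=$GENERAL_RESULT_ERROR` when `Cert success` is not found in the log, and the new block then does `break`; unless code outside these hunks resets `result_code`, the script exits with 21 before it reaches `exit $TOO_MANY_FAILED_AUTH`, and ssl-manager.js never sees 23. Moving the line up so it sits directly after the existing `rate_limit_exceeded` check and ahead of `[[ $result_code != "0" ]] && …` would mirror how the other rate limit is handled: `[[ $rate_limit_auth_exceeded == true ]] && { echo "$error"; exit $TOO_MANY_FAILED_AUTH; }`.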
@@ -41,6 +41,7 @@ function SSLManager(config) { INVALID_WEBROOT_DIR = 12005, UPLOADER_ERROR = 12006, READ_TIMED_OUT = 12007, + RATE_LIMIT_AUTH_EXCEEDED = 12003, VALIDATION_SCRIPT = "validation.sh", SHELL_CODES = {}, INSTALL_LE_SCRIPT = "install-le.sh", @@ -1044,10 +1045,11 @@ function SSLManager(config) { path : nodeManager.getPath(SETTINGS_PATH) }); }; - + me.defineShellCodes = function() { SHELL_CODES[WRONG_DNS_CUSTOM_DOMAINS] = 21; SHELL_CODES[RATE_LIMIT_EXCEEDED] = 22; + SHELL_CODES[RATE_LIMIT_AUTH_EXCEEDED] = 23; SHELL_CODES[INVALID_WEBROOT_DIR] = 25; SHELL_CODES[UPLOADER_ERROR] = 26; SHELL_CODES[READ_TIMED_OUT] = 27; @@ -1241,6 +1243,7 @@ function SSLManager(config) { if (resp.exitStatus == SHELL_CODES[UPLOADER_ERROR]) return { result: UPLOADER_ERROR} if (resp.exitStatus == SHELL_CODES[READ_TIMED_OUT]) return { result: READ_TIMED_OUT} if (resp.exitStatus == SHELL_CODES[RATE_LIMIT_EXCEEDED]) return { result: RATE_LIMIT_EXCEEDED, response: resp.out } + if (resp.exitStatus == SHELL_CODES[RATE_LIMIT_AUTH_EXCEEDED]) return { result: RATE_LIMIT_AUTH_EXCEEDED, response: resp.out } } //just cutting "out" for debug logging because it's too long in SSL generation output
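Review bot: In the `@@ -41,6 +41,7 @@` hunk of scripts/ssl-manager.js, `RATE_LIMIT_AUTH_EXCEEDED = 12003` is added out of sequence after 12007, and the constants before `INVALID_WEBROOT_DIR` are outside the hunk, so it is worth confirming that nothing else already uses 12003. The value is both the result returned to callers and the key written in `defineShellCodes` (`SHELL_CODES[RATE_LIMIT_AUTH_EXCEEDED] = 23`), so a duplicate would overwrite another code's exit-status mapping and make two errors indistinguishable. If 12003 is free, placing the line beside its numeric neighbours or adding `// 12003: too many failed authorizations (shell exit 23)` would make that evident to the next reader.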