From 9cfde497198d6225bd05d77556d2a7c520a0e558 Mon Sep 17 00:00:00 2001
From: "alexey.lazarenko"
Date: Tue, 17 May 2022 10:13:46 +0300
Subject: [PATCH 1/5] fixed typo
---
 scripts/ssl-manager.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/ssl-manager.js b/scripts/ssl-manager.js
index 490e09af..2f0d48a0 100644
--- a/scripts/ssl-manager.js
+++ b/scripts/ssl-manager.js
@@ -518,7 +518,7 @@ function SSLManager(config) {
 session: session,
 script: config.scriptName,
 trigger: "once_delay:1000",
- description: "update LE sertificate",
+ description: "update LE certificate",
 params: { token: config.token, task: 1, action : "auto-update" }
 });
 };
From 350860992afbc33c11ea1268186519c6ca723f93 Mon Sep 17 00:00:00 2001
From: "alexey.lazarenko"
Date: Tue, 19 Jul 2022 12:51:57 +0300
Subject: [PATCH 2/5] Update ssl-manager.js
---
 scripts/ssl-manager.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/scripts/ssl-manager.js b/scripts/ssl-manager.js
index 2f0d48a0..a8f11707 100644
--- a/scripts/ssl-manager.js
+++ b/scripts/ssl-manager.js
@@ -519,7 +519,10 @@ function SSLManager(config) {
 script: config.scriptName,
 trigger: "once_delay:1000",
 description: "update LE certificate",
- params: { token: config.token, task: 1, action : "auto-update" }
+ params: {
+ action : "update",
+ task: 1
+ }
 });
 };
From ffd9dec1910e2e962b443314fe37e1957828bcea Mon Sep 17 00:00:00 2001
From: "alexey.lazarenko"
Date: Mon, 5 Sep 2022 16:20:14 +0300
Subject: [PATCH 3/5] JE-58135 [LE] handle 'too many failed authorizations recently' error with appropriate exit code
---
 scripts/generate-ssl-cert.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/scripts/generate-ssl-cert.sh b/scripts/generate-ssl-cert.sh
index 69b7272b..633a4c64 100644
--- a/scripts/generate-ssl-cert.sh
+++ b/scripts/generate-ssl-cert.sh
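Review bot: In PATCH 2/5 the scheduled task's `params` no longer carries `token: config.token` and the action changes from `"auto-update"` to `"update"`, but nothing in the hunk shows how the script's request handler treats a token-less `update` call. Keeping the token out of stored task parameters is a sensible hardening step if those parameters are persisted or logged. The other half is confirming that `update` is still authenticated by some other means and that the handler actually recognises the renamed action. A comment above `params`, for example `// token intentionally omitted; scheduled runs are authenticated by <MECHANISM - fill in>`, would record the intent that the commit message "Update ssl-manager.js" leaves out. The enclosing function begins outside the hunk.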
@@ -4,6 +4,7 @@ LOG_FILE=$DIR/var/log/letsencrypt/letsencrypt.log-$(date '+%s')
 KEYS_DIR="$DIR/var/lib/jelastic/keys/"
 SETTINGS="$DIR/opt/letsencrypt/settings"
 DOMAIN_SEP=" -d "
+TOO_MANY_FAILED_AUTH=23
 GENERAL_RESULT_ERROR=21
 TOO_MANY_CERTS=22
 WRONG_WEBROOT_ERROR=25
@@ -86,6 +87,14 @@ do
 invalid_domain=$(echo $error | sed -rn 's/Cannot issue for \\\"(.*)\\\":.*/\1/p')
 }
+ [[ -z $error ]] && {
+ error=$(sed -rn 's/.*(Error creating new order \:\:) (too many failed authorizations recently.*)\",/\2/p' $LOG_FILE | sed '$!d');
+ [[ ! -z $error ]] && {
+ rate_limit_auth_exceeded=true;
+ break;
+ }
+ }
+
 [[ -z $error ]] && {
 error=$(sed -rn 's/.*(Error creating new order \:\: )(.*)\"\,/\2/p' $LOG_FILE | sed '$!d');
 [[ ! -z $error ]] && {
@@ -132,6 +141,7 @@ fi
 [[ $timed_out == true ]] && exit $TIME_OUT_ERROR;
 [[ $rate_limit_exceeded == true ]] && { echo "$error"; exit $TOO_MANY_CERTS; }
 [[ $result_code != "0" ]] && { echo "$all_invalid_domains_errors"; exit $GENERAL_RESULT_ERROR; }
+[[ $rate_limit_auth_exceeded == true ]] && { echo "$error"; exit $TOO_MANY_FAILED_AUTH; }
 #To be sure that r/w access
 mkdir -p /tmp/
From b649e0f1a333a136b3430ab5ecb1c5cd7fb7f1dc Mon Sep 17 00:00:00 2001
From: "alexey.lazarenko"
Date: Mon, 5 Sep 2022 16:24:59 +0300
Subject: [PATCH 4/5] JE-58135 [LE] handle 'too many failed authorizations recently' error with appropriate exit code
---
 scripts/ssl-manager.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/scripts/ssl-manager.js b/scripts/ssl-manager.js
index 49bbd67f..f650cc35 100644
--- a/scripts/ssl-manager.js
+++ b/scripts/ssl-manager.js
@@ -41,6 +41,7 @@ function SSLManager(config) {
 INVALID_WEBROOT_DIR = 12005,
 UPLOADER_ERROR = 12006,
 READ_TIMED_OUT = 12007,
+ RATE_LIMIT_AUTH_EXCEEDED = 12003,
 VALIDATION_SCRIPT = "validation.sh",
 SHELL_CODES = {},
 INSTALL_LE_SCRIPT = "install-le.sh",
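Review bot: The new "too many failed authorizations recently" block in the `@@ -86,6 +87,14 @@` hunk only works because it runs before the generic `Error creating new order` match that follows it, and nothing in the code says so. The generic pattern `(Error creating new order \:\: )(.*)` would capture the same log line, so reordering the two blocks would silently send this case down the generic path. A comment on the new block such as `# must stay above the generic "Error creating new order" match, which also matches this message` would protect it. Both blocks sit inside a loop that begins and ends outside the hunk.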
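Review bot: In the `@@ -132,6 +141,7 @@` hunk the new `rate_limit_auth_exceeded` check sits after `[[ $result_code != "0" ]] && { ...; exit $GENERAL_RESULT_ERROR; }`, so exit code `$TOO_MANY_FAILED_AUTH` looks unreachable on a failed issuance. Judging by the loop context shown in PATCH 5/5, `result_code` is set to `$GENERAL_RESULT_ERROR` whenever the log lacks 'Cert success', which is the case when this rate limit fires. The script would then exit 21 before reaching the new line, and the exit-23 handling added to `ssl-manager.js` in PATCH 4/5 would never trigger. Move the new line above the `result_code` test, next to the existing `rate_limit_exceeded` check: `[[ $rate_limit_auth_exceeded == true ]] && { echo "$error"; exit $TOO_MANY_FAILED_AUTH; }`.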
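Review bot: `RATE_LIMIT_AUTH_EXCEEDED = 12003` is added out of numeric order after `READ_TIMED_OUT = 12007`, and the constants below 12005 are outside this hunk, so it is not visible whether 12003 is already in use. `SHELL_CODES` is keyed by these values in `defineShellCodes` (the `@@ -1044,10 +1045,11 @@` hunk), so a duplicate would let `SHELL_CODES[RATE_LIMIT_AUTH_EXCEEDED] = 23` overwrite another code's mapping and the caller would report the wrong error. Please confirm the value is unused, and place the line in numeric order so that filling the gap is clearly intentional.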
@@ -1044,10 +1045,11 @@ function SSLManager(config) {
 path : nodeManager.getPath(SETTINGS_PATH)
 });
 };
-
+
 me.defineShellCodes = function() {
 SHELL_CODES[WRONG_DNS_CUSTOM_DOMAINS] = 21;
 SHELL_CODES[RATE_LIMIT_EXCEEDED] = 22;
+ SHELL_CODES[RATE_LIMIT_AUTH_EXCEEDED] = 23;
 SHELL_CODES[INVALID_WEBROOT_DIR] = 25;
 SHELL_CODES[UPLOADER_ERROR] = 26;
 SHELL_CODES[READ_TIMED_OUT] = 27;
@@ -1241,6 +1243,7 @@ function SSLManager(config) {
 if (resp.exitStatus == SHELL_CODES[UPLOADER_ERROR]) return { result: UPLOADER_ERROR}
 if (resp.exitStatus == SHELL_CODES[READ_TIMED_OUT]) return { result: READ_TIMED_OUT}
 if (resp.exitStatus == SHELL_CODES[RATE_LIMIT_EXCEEDED]) return { result: RATE_LIMIT_EXCEEDED, response: resp.out }
+ if (resp.exitStatus == SHELL_CODES[RATE_LIMIT_AUTH_EXCEEDED]) return { result: RATE_LIMIT_AUTH_EXCEEDED, response: resp.out }
 }
 //just cutting "out" for debug logging because it's too long in SSL generation output
From 8b04441082f43bbca49ab8c569d3f5a32b0707b7 Mon Sep 17 00:00:00 2001
From: "alexey.lazarenko"
Date: Mon, 5 Sep 2022 16:56:22 +0300
Subject: [PATCH 5/5] JE-58135 [LE] handle 'too many failed authorizations recently' error with appropriate exit code
---
 scripts/generate-ssl-cert.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/generate-ssl-cert.sh b/scripts/generate-ssl-cert.sh
index 633a4c64..14317c4f 100644
--- a/scripts/generate-ssl-cert.sh
+++ b/scripts/generate-ssl-cert.sh
@@ -64,7 +64,7 @@ do
 [[ -z $domain ]] && break;
 LOG_FILE=$LOG_FILE"-"$counter
- resp=$($DIR/opt/letsencrypt/acme.sh --issue $params $test_params --listen-v6 --domain $domain --nocron -f --log-level 2 --log $LOG_FILE 2>&1)
+ resp=$($DIR/opt/letsencrypt/acme.sh --issue $params $test_params --listen-v6 --domain $domain --nocron -f --log-level 2 --server letsencrypt --log $LOG_FILE 2>&1)
 grep -q 'Cert success' $LOG_FILE && grep -q "BEGIN CERTIFICATE" $LOG_FILE && result_code=0 || result_code=$GENERAL_RESULT_ERROR
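Review bot: The `--server letsencrypt` added in PATCH 5/5 is appended after `$test_params` on the `acme.sh --issue` line, and it is not visible here what `$test_params` expands to. If it carries a staging or test switch, please confirm that an explicit `--server` does not override it; otherwise test runs would reach the production CA and use up the same rate limits this series is handling. The commit message repeats the JE-58135 subject and does not mention pinning the CA, so a comment such as `# pin the CA explicitly; do not rely on acme.sh's default server` would document why the flag is there. The enclosing loop begins and ends outside the hunk.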