letsencrypt: make acme.sh exits clearer

This is a follow-on to Ica63860f3221e99ca0a2aa2636d573fc134447bb to make what's happening with the various exit points clearer. Also sneak in an explaination of the weird arg input for clarity. Change-Id: Ib059f1de465430d6e6f674b6649817105b7ef9a0
2022-07-20 10:20:55 +10:00 · 2022-07-20 10:20:55 +10:00 · 26bd32cb1c
commit 26bd32cb1c
parent 864f39bfff
1 changed files with 10 additions and 0 deletions
--- a/playbooks/roles/letsencrypt-acme-sh-install/files/driver.sh
+++ b/playbooks/roles/letsencrypt-acme-sh-install/files/driver.sh
@ -59,7 +59,13 @@ if [[ ${1} == "issue" ]]; then
            echo "Valid and current certificate found" >> ${LOG_FILE}
            exit 0
        elif [[ ${_exit_code} == 3 ]]; then
+            # acme.sh really wants to talk to your SAAS DNS API for
+            # you to setup the challenge-reponse and then issue the
+            # cert; the "dns manual mode" requires the odd flags and
+            # also returns a separate error code when issuing a cert.
+            # For our purposes, this is a success.
            echo "Certificate request issued" >> ${LOG_FILE}
+            exit 0
        else
            echo "Unknown failure: ${_exit_code}" >> ${LOG_FILE}
            exit ${_exit_code}
@ -112,6 +118,7 @@ elif [[ ${1} == "renew" ]]; then
            exit 0
        elif [[ ${_exit_code} == 0 ]]; then
            echo "Certificate renewed" >> ${LOG_FILE}
+            exit 0
        else
            echo "Unknown failure: ${_exit_code}" >> ${LOG_FILE}
            exit ${_exit_code}
@ -119,6 +126,9 @@ elif [[ ${1} == "renew" ]]; then
    done
 elif [[ ${1} == "selfsign" ]]; then
    # For testing, simulate the key generation
+    # Note as above "arg" is a compound argument where each
+    # request is a space-separated separate string, e.g.
+    #  "-d foo.com -d foo1.com" "-d bar.com -d bar1.com"
    shift;
    for arg in "$@"; do
        {