From 26bd32cb1cb0d00691b3e398468c36225ff523dc Mon Sep 17 00:00:00 2001
From: Ian Wienand
Date: Wed, 20 Jul 2022 10:20:55 +1000
Subject: [PATCH] letsencrypt: make acme.sh exits clearer
This is a follow-on to Ica63860f3221e99ca0a2aa2636d573fc134447bb to make what's happening with the various exit points clearer. Also sneak in an explaination of the weird arg input for clarity.
Change-Id: Ib059f1de465430d6e6f674b6649817105b7ef9a0
---
 .../roles/letsencrypt-acme-sh-install/files/driver.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/playbooks/roles/letsencrypt-acme-sh-install/files/driver.sh b/playbooks/roles/letsencrypt-acme-sh-install/files/driver.sh
index d9b3b05638..12ab4e3fc7 100644
--- a/playbooks/roles/letsencrypt-acme-sh-install/files/driver.sh
+++ b/playbooks/roles/letsencrypt-acme-sh-install/files/driver.sh
@@ -59,7 +59,13 @@ if [[ ${1} == "issue" ]]; then
 echo "Valid and current certificate found" >> ${LOG_FILE}
 exit 0
 elif [[ ${_exit_code} == 3 ]]; then
+ # acme.sh really wants to talk to your SAAS DNS API for
+ # you to setup the challenge-reponse and then issue the
+ # cert; the "dns manual mode" requires the odd flags and
+ # also returns a separate error code when issuing a cert.
+ # For our purposes, this is a success.
 echo "Certificate request issued" >> ${LOG_FILE}
+ exit 0
 else
 echo "Unknown failure: ${_exit_code}" >> ${LOG_FILE}
 exit ${_exit_code}
@@ -112,6 +118,7 @@ elif [[ ${1} == "renew" ]]; then
 exit 0
 elif [[ ${_exit_code} == 0 ]]; then
 echo "Certificate renewed" >> ${LOG_FILE}
+ exit 0
 else
 echo "Unknown failure: ${_exit_code}" >> ${LOG_FILE}
 exit ${_exit_code}
@@ -119,6 +126,9 @@ elif [[ ${1} == "renew" ]]; then
 done
 elif [[ ${1} == "selfsign" ]]; then
 # For testing, simulate the key generation
+ # Note as above "arg" is a compound argument where each
+ # request is a space-separated separate string, e.g.
+ # "-d foo.com -d foo1.com" "-d bar.com -d bar1.com"
 shift;
 for arg in "$@"; do
 {
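Review bot: The added `exit 0` after "Certificate request issued" (and the matching one after "Certificate renewed" in the hunk at +118) ends the script on the first successful request, where the old code fell through to whatever followed. The `done` right after the renew branch suggests these branches run inside a `for arg in "$@"` loop whose header is outside the hunks; if so, a call carrying several requests now stops after the first one and still returns 0, so later certificates are silently left unissued or unrenewed. If one request per invocation is the contract, state that in a comment next to the exit; otherwise use `continue` for the success case and keep `exit` for failures. The new comment also misspells `challenge-reponse` (response).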
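Review bot: The added comment opens with "Note as above", but no earlier explanation of the argument format is visible in this patch, and "space-separated separate string" is hard to parse. A self-contained wording would be `# Each positional argument is one certificate request carrying its own flags, e.g.` followed by the existing example line. Because one argument holds several flags, it presumably has to be expanded unquoted where acme.sh is invoked (outside this hunk), so the comment could also say that the values are expected to contain nothing but the flags and domain names, with no glob characters. The `for` loop body continues past the end of the hunk.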