From 07e1ab096cd5b44c54ecdf698be1806dbbf45677 Mon Sep 17 00:00:00 2001 From: aptalca Date: Wed, 20 Jan 2021 08:43:55 -0500 Subject: [PATCH] Add check for ZeroSSL EAB retrieval --- README.md | 1 + readme-vars.yml | 1 + root/etc/cont-init.d/50-config | 8 ++++++++ 3 files changed, 10 insertions(+) diff --git a/README.md b/README.md index ee18a74..59cd67b 100644 --- a/README.md +++ b/README.md @@ -326,6 +326,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **20.01.21:** - Add check for ZeroSSL EAB retrieval. * **08.01.21:** - Add support for getting certs from [ZeroSSL](https://zerossl.com/) via optional `CERTPROVIDER` env var. Update aliyun, domeneshop, inxw and transip dns plugins with the new plugin names. Hide `donoteditthisfile.conf` because users were editing it despite its name. Suppress harmless error when no proxy confs are enabled. * **03.01.21:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) /config/nginx/site-confs/default - Add helper pages to aid troubleshooting * **10.12.20:** - Add support for njalla dns validation diff --git a/readme-vars.yml b/readme-vars.yml index bfe11d1..4ce2d49 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -151,6 +151,7 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: + - { date: "20.01.21:", desc: "Add check for ZeroSSL EAB retrieval." } - { date: "08.01.21:", desc: "Add support for getting certs from [ZeroSSL](https://zerossl.com/) via optional `CERTPROVIDER` env var. Update aliyun, domeneshop, inxw and transip dns plugins with the new plugin names. Hide `donoteditthisfile.conf` because users were editing it despite its name. Suppress harmless error when no proxy confs are enabled." } - { date: "03.01.21:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) /config/nginx/site-confs/default - Add helper pages to aid troubleshooting" } - { date: "10.12.20:", desc: "Add support for njalla dns validation" } diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config index e94ace6..8a9a784 100644 --- a/root/etc/cont-init.d/50-config +++ b/root/etc/cont-init.d/50-config @@ -255,6 +255,10 @@ if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! " REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=$ORIGEMAIL") REV_ZEROSSL_EAB_KID=$(echo "$REV_EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])") REV_ZEROSSL_EAB_HMAC_KEY=$(echo "$REV_EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])") + if [ -z "$REV_ZEROSSL_EAB_KID" ] || or [ -z "$REV_ZEROSSL_EAB_CREDS" ]; then + echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping." + sleep infinity + fi REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}" elif [ "$ORIGSTAGING" = "true" ]; then REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory" @@ -283,6 +287,10 @@ if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=$EMAIL") ZEROSSL_EAB_KID=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])") ZEROSSL_EAB_HMAC_KEY=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])") + if [ -z "$ZEROSSL_EAB_KID" ] || or [ -z "$ZEROSSL_EAB_CREDS" ]; then + echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping." + sleep infinity + fi ZEROSSL_EAB="--eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}" fi echo "Generating new certificate"