
Commit 4587a64

committed
[LE] Stop trying to renew LE certs after multiple consecutive failed attempts. Thanks @dpeca
1 parent 6d3c99e commit 4587a64


2 files changed

+39
-2
lines changed

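--- a/bin/v-add-letsencrypt-domain
+++ b/bin/v-add-letsencrypt-domain
@@ -429,13 +429,17 @@ fi
 if [ -z "$mail" ]; then
 if [ -z "$LETSENCRYPT" ]; then
 add_object_key "web" 'DOMAIN' "$domain" 'LETSENCRYPT' 'FTP_USER'
+add_object_key "web" 'DOMAIN' "$domain" 'LETSENCRYPT_FAIL_COUNT' 'LETSENCRYPT'
 fi
 update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
+update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT' "0"
 else
 if [ -z "$LETSENCRYPT" ]; then
 add_object_key "mail" 'DOMAIN' "$root_domain" 'LETSENCRYPT'
+add_object_key "mail" 'DOMAIN' "$root_domain" 'LETSENCRYPT_FAIL_COUNT' 'LETSENCRYPT'
 fi
 update_object_value 'mail' 'DOMAIN' "$root_domain" '$LETSENCRYPT' 'yes'
+update_object_value 'mail' 'DOMAIN' "$root_domain" '$LETSENCRYPT_FAIL_COUNT' "0"
 fi
 
 # Remove challenge folder if exist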
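Review bot: The new `add_object_key ... 'LETSENCRYPT_FAIL_COUNT' 'LETSENCRYPT'` calls (new lines 432 and 439) sit inside the existing `if [ -z "$LETSENCRYPT" ]` guards, so a domain that already had a LETSENCRYPT key before this change never gets the counter key here. The following `update_object_value ... '$LETSENCRYPT_FAIL_COUNT' "0"` then runs against a key that may be absent. Whether update_object_value creates a missing key is not visible on this page, and if it does not, the reset is a silent no-op for those domains. Testing the counter key itself would decouple the two, e.g. `if [ -z "$LETSENCRYPT_FAIL_COUNT" ]; then add_object_key "web" 'DOMAIN' "$domain" 'LETSENCRYPT_FAIL_COUNT' 'LETSENCRYPT'; fi`, assuming that variable is loaded the same way `$LETSENCRYPT` is.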

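--- a/bin/v-update-letsencrypt-ssl
+++ b/bin/v-update-letsencrypt-ssl
@@ -24,12 +24,24 @@ source $HESTIA/conf/hestia.conf
 
 # Set LE counter
 lecounter=0
+max_LE_failures=30
 
 # Checking user certificates
 for user in $($HESTIA/bin/v-list-sys-users plain); do
 USER_DATA=$HESTIA/data/users/$user
 
 for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
+
+domain_suspended="$(get_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED')"
+if [ "$domain_suspended" = "yes" ]; then
+continue
+fi
+
+fail_counter="$(get_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT')"
+if [[ "$fail_counter" -gt "$max_LE_failures" ]]; then
+continue
+fi
+
 crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
 not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
 expiration=$(date -d "$not_after" +%s)
@@ -48,12 +60,28 @@ for user in $($HESTIA/bin/v-list-sys-users plain); do
 aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
 msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
 if [ $? -ne 0 ]; then
-echo "$domain $msg"
+log_event $E_INVALID "$domain $msg"
+if [ -z "$fail_counter" ]; then
+add_object_key "web" 'DOMAIN' "$domain" 'LETSENCRYPT_FAIL_COUNT' 'LETSENCRYPT'
+fi
+((fail_counter++))
+update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT' "$fail_counter"
 fi
 fi
 done
 
 for domain in $(search_objects 'mail' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
+
+domain_suspended="$(get_object_value 'mail' 'DOMAIN' "$domain" '$SUSPENDED')"
+if [ "$domain_suspended" = "yes" ]; then
+continue
+fi
+
+fail_counter="$(get_object_value 'mail' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT')"
+if [[ "$fail_counter" -gt "$max_LE_failures" ]]; then
+continue
+fi
+
 crt_data=$(openssl x509 -text -in $USER_DATA/ssl/mail.$domain.crt)
 not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
 expiration=$(date -d "$not_after" +%s)
@@ -67,7 +95,12 @@ for user in $($HESTIA/bin/v-list-sys-users plain); do
 ((lecounter++))
 msg=$($BIN/v-add-letsencrypt-domain $user $domain ' ' yes)
 if [ $? -ne 0 ]; then
-echo "$domain $msg"
+log_event $E_INVALID "$domain $msg"
+if [ -z "$fail_counter" ]; then
+add_object_key "mail" 'DOMAIN' "$domain" 'LETSENCRYPT_FAIL_COUNT' 'LETSENCRYPT'
+fi
+((fail_counter++))
+update_object_value 'mail' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT' "$fail_counter"
 fi
 fi
 done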
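Review bot: Once `fail_counter` exceeds `max_LE_failures`, both loops take a bare `continue` (new lines 41-43 for web, 81-83 for mail), so the domain drops out of renewal with no log entry and its certificate is left to expire unnoticed. The failure path already calls log_event, so the skip can be recorded the same way before each `continue`, e.g. `log_event $E_INVALID "$domain LE renewal skipped after $fail_counter failed attempts"`. Separately, `-gt` lets a 31st attempt run before the limit applies, and `-ge` would match the name `max_LE_failures`. Both `for domain` loops extend beyond the hunks shown, so how the counter is reset elsewhere in the file cannot be checked from this page.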
