diff --git a/scripts/generate-ssl-cert.sh b/scripts/generate-ssl-cert.sh index 9e69c687..83ecb1ff 100644 --- a/scripts/generate-ssl-cert.sh +++ b/scripts/generate-ssl-cert.sh @@ -10,6 +10,7 @@ WRONG_WEBROOT_ERROR=25 UPLOAD_CERTS_ERROR=26 TIME_OUT_ERROR=27 NO_VALID_IP_ADDRESSES=28 +UNEXPECTED_END_FILE=29 counter=1 [ -f "${SETTINGS}" ] && source "${SETTINGS}" || { echo "No settings available" ; exit 3 ; } @@ -62,56 +63,66 @@ result_code=$GENERAL_RESULT_ERROR; while [ "$result_code" != "0" ] do [[ -z $domain ]] && break; - LOG_FILE=$LOG_FILE"-"$counter + [[ $counter -eq '5' ]] && break; + LOOP_LOG_FILE=$LOG_FILE"-"$counter - resp=$($DIR/opt/letsencrypt/acme.sh --issue $params $test_params --listen-v6 --domain $domain --nocron -f --log-level 2 --log $LOG_FILE 2>&1) + resp=$($DIR/opt/letsencrypt/acme.sh --issue $params $test_params --listen-v6 --domain $domain --nocron -f --log-level 2 --log $LOOP_LOG_FILE 2>&1) - grep -q 'Cert success' $LOG_FILE && grep -q "BEGIN CERTIFICATE" $LOG_FILE && result_code=0 || result_code=$GENERAL_RESULT_ERROR + grep -q 'Cert success' $LOOP_LOG_FILE && grep -q "BEGIN CERTIFICATE" $LOOP_LOG_FILE && result_code=0 || result_code=$GENERAL_RESULT_ERROR [[ "$result_code" == "$GENERAL_RESULT_ERROR" ]] && { - error=$(sed -rn 's/.*\s(.*)(DNS problem: .*?)",\"status.*/\2/p' $LOG_FILE | sed '$!d') + error=$(sed -rn 's/.*\s(.*)(DNS problem: .*?)",\"status.*/\2/p' $LOOP_LOG_FILE | sed '$!d') [[ ! -z $error ]] && invalid_domain=$(echo $error | sed -rn 's/.* (.*) - .*/\1/p') [[ -z $error ]] && { - error=$(sed -rn 's/.*\s(.*)(Invalid response from https?:\/\/.*).*/\2/p' $LOG_FILE | sed '$!d') + error=$(sed -rn 's/.*\s(.*)(Invalid response from https?:\/\/.*).*/\2/p' $LOOP_LOG_FILE | sed '$!d') [[ ! -z $error ]] && invalid_domain=$(echo $error | sed -rn 's|(.+)addressesResolved|\1|p' | sed -rn 's|(.+)hostname.*|\1|p' | sed -rn 's|.*hostname\"\:\"([^\"]*).*|\1|p') [[ -z $invalid_domain ]] && invalid_domain=$(echo $error | sed -rn 's|(.+)addressesResolved|\1|p' | sed -rn 's|.*hostname\":\"(.*)|\1|p' | sed -rn 's|\",.*||p') } [[ -z $error ]] && { - error=$(sed -rn 's/.*\s(.*)(Verify error:)/\1/p' $LOG_FILE | sed '$!d') + error=$(sed -rn 's/.*\s(.*)(Verify error:)/\1/p' $LOOP_LOG_FILE | sed '$!d') [[ ! -z $error ]] && invalid_domain=$(echo $error | sed "s/:.*//") } [[ -z $error ]] && { - error=$(sed -rn 's/.*(Cannot issue for .*)",/\1/p' $LOG_FILE | sed '$!d') + error=$(sed -rn 's/.*(Cannot issue for .*)",/\1/p' $LOOP_LOG_FILE | sed '$!d') invalid_domain=$(echo $error | sed -rn 's/Cannot issue for \\\"(.*)\\\":.*/\1/p') } [[ -z $error ]] && { - error=$(sed -rn 's/.*\s(.*)(Fetching https?:\/\/.*): Error getting validation data.*/\2/p' $LOG_FILE | sed '$!d') + error=$(sed -rn 's/.*\s(.*)(Fetching https?:\/\/.*): Error getting validation data.*/\2/p' $LOOP_LOG_FILE | sed '$!d') invalid_domain=$(echo $error | sed -rn 's/Fetching https?:\/\/(.*)\/.well-known.*/\1/p') } [[ -z $error ]] && { - error=$(sed -rn 's|.*"detail":"(No valid IP addresses found [^"]+)".*|\1|p' $LOG_FILE | sed '$!d') + error=$(sed -rn 's|.*"detail":"(No valid IP addresses found [^"]+)".*|\1|p' $LOOP_LOG_FILE | sed '$!d') [[ -z $error ]] && { - error=$(sed -rn 's|.*"detail":"(no valid A records found for [^;]+).*|\1|p' $LOG_FILE | sed '$!d') + error=$(sed -rn 's|.*"detail":"(no valid A records found for [^;]+).*|\1|p' $LOOP_LOG_FILE | sed '$!d') } invalid_domain=$(echo $error | sed -rn 's/.*for (.*)/\1/p') [[ ! -z $error ]] && no_valid_ip=true } [[ -z $error ]] && { - error=$(sed -rn 's/.*(Error creating new order \:\: )(.*)\"\,/\2/p' $LOG_FILE | sed '$!d'); + error=$(sed -rn 's/.*(Error creating new order \:\: )(.*)\"\,/\2/p' $LOOP_LOG_FILE | sed '$!d'); [[ ! -z $error ]] && { rate_limit_exceeded=true; break; } } - all_invalid_domains_errors+=$error";" - all_invalid_domains+=$invalid_domain" " + [[ -z $error ]] && { + grep -q "syntax error: unexpected end of file" <<< $resp && { + unexpected_end_file=true; + break; + } + } + + [[ ! -z "$error" ]] && { + all_invalid_domains_errors+=$error";"; + all_invalid_domains+=$invalid_domain" "; + } domain=$(echo $domain | sed 's/'${invalid_domain}'\(\s-d\s\)\?//') domain=$(echo $domain | sed "s/\s-d$//") @@ -148,6 +159,7 @@ fi [[ $timed_out == true ]] && exit $TIME_OUT_ERROR; [[ $no_valid_ip == true ]] && { echo "$error"; exit $NO_VALID_IP_ADDRESSES; } [[ $rate_limit_exceeded == true ]] && { echo "$error"; exit $TOO_MANY_CERTS; } +[[ $unexpected_end_file == true ]] && { echo "$resp"; exit $UNEXPECTED_END_FILE; } [[ $result_code != "0" ]] && { echo "$all_invalid_domains_errors"; exit $GENERAL_RESULT_ERROR; } #To be sure that r/w access diff --git a/scripts/ssl-manager.js b/scripts/ssl-manager.js index 4f9d9ef7..f3c7406e 100644 --- a/scripts/ssl-manager.js +++ b/scripts/ssl-manager.js @@ -43,6 +43,7 @@ function SSLManager(config) { UPLOADER_ERROR = 12006, READ_TIMED_OUT = 12007, NO_VALID_IP_ADDRESSES = 12008, + UNEXPECTED_END_FILE = 12009, VALIDATION_SCRIPT = "validation.sh", SHELL_CODES = {}, INSTALL_LE_SCRIPT = "install-le.sh", @@ -1098,6 +1099,7 @@ function SSLManager(config) { SHELL_CODES[UPLOADER_ERROR] = 26; SHELL_CODES[READ_TIMED_OUT] = 27; SHELL_CODES[NO_VALID_IP_ADDRESSES] = 28; + SHELL_CODES[UNEXPECTED_END_FILE] = 29; }; me.generateSslCerts = function generateSslCerts() { @@ -1245,6 +1247,16 @@ function SSLManager(config) { }; } + if (resp.result && resp.result == UNEXPECTED_END_FILE) { + return { + result: UNEXPECTED_END_FILE, + error: resp.response, + response: resp.response, + type: "warning", + message: resp.response + }; + } + return resp; }; @@ -1294,12 +1306,13 @@ function SSLManager(config) { out = resp.error + resp.errOut + resp.out; if (resp) { - if (resp.exitStatus == SHELL_CODES[WRONG_DNS_CUSTOM_DOMAINS]) return { result: WRONG_DNS_CUSTOM_DOMAINS, response: resp.out} - if (resp.exitStatus == SHELL_CODES[INVALID_WEBROOT_DIR]) return { result: INVALID_WEBROOT_DIR} - if (resp.exitStatus == SHELL_CODES[UPLOADER_ERROR]) return { result: UPLOADER_ERROR} - if (resp.exitStatus == SHELL_CODES[READ_TIMED_OUT]) return { result: READ_TIMED_OUT} + if (resp.exitStatus == SHELL_CODES[WRONG_DNS_CUSTOM_DOMAINS]) return { result: WRONG_DNS_CUSTOM_DOMAINS, response: resp.out } + if (resp.exitStatus == SHELL_CODES[INVALID_WEBROOT_DIR]) return { result: INVALID_WEBROOT_DIR } + if (resp.exitStatus == SHELL_CODES[UPLOADER_ERROR]) return { result: UPLOADER_ERROR } + if (resp.exitStatus == SHELL_CODES[READ_TIMED_OUT]) return { result: READ_TIMED_OUT } if (resp.exitStatus == SHELL_CODES[NO_VALID_IP_ADDRESSES]) return { result: NO_VALID_IP_ADDRESSES, response: resp.out } if (resp.exitStatus == SHELL_CODES[RATE_LIMIT_EXCEEDED]) return { result: RATE_LIMIT_EXCEEDED, response: resp.out } + if (resp.exitStatus == SHELL_CODES[UNEXPECTED_END_FILE]) return { result: UNEXPECTED_END_FILE, response: resp.out } } //just cutting "out" for debug logging because it's too long in SSL generation output