fix: Renew certificates

2022-05-03 11:40:02 +02:00
parent 40da3ff9fe
commit 8b813fb07a
5 changed files with 80 additions and 7 deletions
--- a/src/lib/letsencrypt/index.ts
+++ b/src/lib/letsencrypt/index.ts
@@ -290,3 +290,28 @@ export async function generateSSLCerts(): Promise<void> {
 		}
 	}
 }
+
+export async function renewSSLCerts(): Promise<void> {
+	const host = 'unix:///var/run/docker.sock';
+	await asyncExecShell(`docker pull alpine:latest`);
+	const certbotImage =
+		process.arch === 'x64' ? 'certbot/certbot' : 'certbot/certbot:arm64v8-latest';
+
+	const { stdout: certificates } = await asyncExecShell(
+		`DOCKER_HOST=${host} docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "ls -1 /etc/letsencrypt/live/ | grep -v README"`
+	);
+
+	for (const certificate of certificates.trim().split('\n')) {
+		try {
+			await asyncExecShell(
+				`DOCKER_HOST=${host} docker run --rm --name certbot-renewal -p 9080:9080 -v "coolify-letsencrypt:/etc/letsencrypt" ${certbotImage} --cert-name ${certificate} --logs-dir /etc/letsencrypt/logs renew --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port 9080`
+			);
+			await asyncExecShell(
+				`DOCKER_HOST=${host} docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "test -d /etc/letsencrypt/live/${certificate}/ && cat /etc/letsencrypt/live/${certificate}/fullchain.pem /etc/letsencrypt/live/${certificate}/privkey.pem > /app/ssl/${certificate}.pem"`
+			);
+		} catch (error) {
+			console.log(error);
+		}
+	}
+	await reloadHaproxy('unix:///var/run/docker.sock');
+}
--- a/src/lib/queues/index.ts
+++ b/src/lib/queues/index.ts
@@ -116,7 +116,7 @@ const cron = async (): Promise<void> => {
 	await queue.proxyTcpHttp.add('proxyTcpHttp', {}, { repeat: { every: 10000 } });
 	await queue.ssl.add('ssl', {}, { repeat: { every: dev ? 10000 : 60000 } });
 	if (!dev) await queue.cleanup.add('cleanup', {}, { repeat: { every: 300000 } });
-	await queue.sslRenew.add('sslRenew', {}, { repeat: { every: 1800000 } });
+	if (!dev) await queue.sslRenew.add('sslRenew', {}, { repeat: { every: 1800000 } });
 	await queue.autoUpdater.add('autoUpdater', {}, { repeat: { every: 60000 } });
 };
 cron().catch((error) => {
--- a/src/lib/queues/sslrenewal.ts
+++ b/src/lib/queues/sslrenewal.ts
@@ -1,9 +1,10 @@
-import { asyncExecShell } from '$lib/common';
-import { reloadHaproxy } from '$lib/haproxy';
+import { renewSSLCerts } from '$lib/letsencrypt';

 export default async function (): Promise<void> {
-	await asyncExecShell(
-		`docker run --rm --name certbot-renewal -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs renew`
-	);
-	await reloadHaproxy('unix:///var/run/docker.sock');
+	try {
+		return await renewSSLCerts();
+	} catch (error) {
+		console.log(error);
+		throw error;
+	}
 }