summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHendrik Jäger <gitcommit@henk.geekmail.org>2024-02-03 13:38:31 +0100
committerHendrik Jäger <gitcommit@henk.geekmail.org>2024-02-03 13:38:31 +0100
commit8501b85e09c02f9bd18e8f73453a327ddf7c12e1 (patch)
tree7f2ccc4003e750a3fb65f3243f74c7298e475a44
parentdb7ded836d43cf0860b76dfec6f0efa5305b1ede (diff)
change: use generic wrapper function for handling acme requests to retry on invalid nonce errors
-rw-r--r--macir.rb90
1 files changed, 18 insertions, 72 deletions
diff --git a/macir.rb b/macir.rb
index f371c36..8331da4 100644
--- a/macir.rb
+++ b/macir.rb
@@ -185,29 +185,24 @@ def wait_for_challenge_propagation(domain, challenge)
threads.each(&:join)
end
+def acme_request_with_retries
+ retries ||= 0
+ yield
+rescue Acme::Client::Error::BadNonce
+ retries += 1
+ p 'Retrying because of invalid nonce.'
+ retry if retries <= 5
+end
+
def wait_for_challenge_validation(challenge, cert_name)
p 'Requesting validation of challenge'
- begin
- retries ||= 0
- challenge.request_validation
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { challenge.request_validation }
while challenge.status == 'pending'
p "Cert #{cert_name}: Sleeping because challenge validation is pending"
sleep(0.1)
p 'Checking again'
- begin
- retries ||= 0
- challenge.reload
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { challenge.reload }
end
end
@@ -221,45 +216,17 @@ def get_cert(order, cert_name, domains, domain_key)
subject: { common_name: domains[0] }
)
p "Cert #{cert_name}: Finalize cert order"
- begin
- retries ||= 0
- order.reload
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
- begin
- retries ||= 0
- order.finalize(csr: csr)
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { order.reload }
+ acme_request_with_retries { order.finalize(csr: csr) }
while order.status == 'processing'
p "Cert #{cert_name}: Sleep while order is processing"
sleep(0.1)
p "Cert #{cert_name}: Rechecking order status"
- begin
- retries ||= 0
- order.reload
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { order.reload }
end
# p "order status: #{order.status}"
# pp order
- begin
- retries ||= 0
- cert = order.certificate
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ cert = acme_request_with_retries { order.certificate }
p "Cert #{cert_name}: Writing cert"
cert_file = File.new("#{path}#{Time.now.to_i}.crt", 'w')
@@ -305,24 +272,10 @@ config['certs'].each_pair do |cert_name, cert_opts|
p "Cert #{cert_name}: Creating client object for communication with CA"
client = Acme::Client.new(private_key: private_key, directory: acme_directory_url)
- begin
- retries ||= 0
- client.new_account(contact: "mailto:#{email}", terms_of_service_agreed: true)
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { client.new_account(contact: "mailto:#{email}", terms_of_service_agreed: true) }
p "Cert #{cert_name}: Creating order object for cert #{cert_name}"
- begin
- retries ||= 0
- order = client.new_order(identifiers: cert_opts['domain_names'])
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ order = acme_request_with_retries { client.new_order(identifiers: cert_opts['domain_names']) }
p "Cert #{cert_name}: order status"
p order.status
@@ -332,14 +285,7 @@ config['certs'].each_pair do |cert_name, cert_opts|
# TODO: collect dns modifications per primary NS, update all at once
p "Cert #{cert_name}: Iterating over required authorizations"
- begin
- retries ||= 0
- auths = order.authorizations
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ auths = acme_request_with_retries { order.authorizations }
auths.each do |auth|
p "Cert #{cert_name}: Processing authorization for #{auth.domain}"
p "Cert #{cert_name}: Finding challenge type for #{auth.domain}"