-rw-r--r--macir.rb55
1 files changed, 26 insertions, 29 deletions
diff --git a/macir.rb b/macir.rb
index e950fb7..f371c36 100644
--- a/macir.rb
+++ b/macir.rb
@@ -161,36 +161,31 @@ def wait_for_challenge_propagation(domain, challenge)
res = Dnsruby::Resolver.new(nameserver)
res.dnssec = false
res.do_caching = false
- begin
+ loop do
p "Domain #{domain}: Querying ACME challenge record"
- begin
- result = res.query_no_validation_or_recursion("_acme-challenge.#{domain}", 'TXT')
- rescue Dnsruby::NXDomain
- p "Domain #{domain}: Not yet propagated, sleeping before checking again"
- Thread.pass
- sleep(0.1)
- retry
- rescue StandardError => e
- warn "Domain #{domain}: ACME challenge lookup failed: #{e}"
- raise
- end
- # p result
+ result = res.query_no_validation_or_recursion("_acme-challenge.#{domain}", 'TXT')
propagated = result.answer.any? do |answer|
answer.rdata[0] == challenge.record_content
end
- unless propagated
- p "Domain #{domain}: Not yet propagated, sleeping before checking again"
- Thread.pass
- sleep(0.1)
- end
- end until propagated
+ break if propagated
+
+ p "Domain #{domain}: Not yet propagated, still old value, sleeping before checking again"
+ sleep(0.5)
+ rescue Dnsruby::NXDomain
+ p "Domain #{domain}: Not yet propagated, NXdomain, sleeping before checking again"
+ sleep(0.5)
+ retry
+ rescue StandardError => e
+ warn "Domain #{domain}: ACME challenge lookup failed: #{e}"
+ raise
+ end
end
end
threads.each(&:join)
end
-def wait_for_challenge_validation(challenge)
+def wait_for_challenge_validation(challenge, cert_name)
p 'Requesting validation of challenge'
begin
retries ||= 0
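Review bot: The rewritten `loop do` in wait_for_challenge_propagation (whose `def` line sits above this hunk) still has no upper bound, so a record that never appears — wrong `primary_ns`, a zone that rejects the update, a typo in the domain — leaves this thread sleeping 0.5 s forever and `threads.each(&:join)` never returns. Put a deadline in front of the loop, `deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + 600`, and check it at the top of each iteration with `raise "Domain #{domain}: challenge record did not propagate in time" if Process.clock_gettime(Process::CLOCK_MONOTONIC) > deadline`, so the NXDomain path is bounded too. Note also that `retry` in the NXDomain branch is redundant inside `loop do` (the block is re-entered anyway) and that `rescue` directly inside a `do…end` block needs Ruby 2.5 or newer. Any Dnsruby timeout that is not an `NXDomain` falls into the `StandardError` branch and aborts the whole thread; if transient resolver timeouts are expected, that presumably wants its own bounded retry path — verify against Dnsruby's exception hierarchy.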
@@ -202,8 +197,8 @@ def wait_for_challenge_validation(challenge)
end
while challenge.status == 'pending'
- p 'Sleeping because challenge validation is pending'
- sleep(1)
+ p "Cert #{cert_name}: Sleeping because challenge validation is pending"
+ sleep(0.1)
p 'Checking again'
begin
retries ||= 0
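Review bot: Dropping the poll interval to `sleep(0.1)` on the new line means this loop hits the CA up to ten times a second per pending challenge; RFC 8555 §7.5.1 asks clients to honour the server's Retry-After when polling, and Let's Encrypt enforces per-account request rate limits, so a batch of certs can turn into 429 responses that the `retries` handling below then has to absorb. Keep the previous `sleep(1)`, or sleep for the Retry-After value if the acme-client version in use exposes it on the reloaded challenge — I have not confirmed such an accessor exists, so check the gem. The `while` loop and its inner `begin` block continue past the end of this hunk.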
@@ -244,7 +239,7 @@ def get_cert(order, cert_name, domains, domain_key)
end
while order.status == 'processing'
p "Cert #{cert_name}: Sleep while order is processing"
- sleep(1)
+ sleep(0.1)
p "Cert #{cert_name}: Rechecking order status"
begin
retries ||= 0
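Review bot: The same concern as the challenge loop applies here: polling `order` every 0.1 s while it is `processing` is ten requests a second against the CA for what is typically a multi-second finalisation, and RFC 8555 §7.4 says the order should be polled honouring Retry-After. Restoring `sleep(1)` costs nothing in wall-clock time (finalisation dominates) and keeps the run clear of the request rate limit; if the gem exposes Retry-After on the reloaded order, prefer that. The loop continues below the end of this hunk.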
@@ -267,12 +262,12 @@ def get_cert(order, cert_name, domains, domain_key)
end
p "Cert #{cert_name}: Writing cert"
- cert_file = File.new(path + Time.now.to_i.to_s + ".crt", 'w')
+ cert_file = File.new("#{path}#{Time.now.to_i}.crt", 'w')
cert_file.write(cert)
- if File.symlink?(File.dirname(cert_file) + "/current.crt")
- File.unlink(File.dirname(cert_file) + "/current.crt")
- File.symlink(File.basename(cert_file), File.dirname(cert_file) + "/current.crt")
- elsif File.file?(File.dirname(cert_file) + "/current.crt")
+ if File.symlink?("#{File.dirname(cert_file)}/current.crt")
+ File.unlink("#{File.dirname(cert_file)}/current.crt")
+ File.symlink(File.basename(cert_file), "#{File.dirname(cert_file)}/current.crt")
+ elsif File.file?("#{File.dirname(cert_file)}/current.crt")
raise 'Could not place symlink for "current.crt" because that is already a normal file.'
end
return cert
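Review bot: In the symlink handling at the end of this hunk, the case where `current.crt` does not exist yet falls through both branches, so on first issuance no `current.crt` is ever created; in addition `cert_file` is written but never closed, so its contents may still be buffered when the link is repointed, and the unlink-then-symlink pair leaves a window in which there is no `current.crt` at all. Write the certificate with the block form so the file is closed and flushed before anything points at it, and swap the link atomically by creating a temporary symlink and `File.rename`-ing it over `current.crt` — rename replaces an existing symlink in one step and also covers the first-run case. `File.file?` follows symlinks, so the "already a normal file" check needs `&& !File.symlink?` to keep the existing behaviour of replacing a symlink that happens to point at a regular file. `get_cert` starts above this hunk and `path` is defined there.
```ruby
cert_path = "#{path}#{Time.now.to_i}.crt"
File.open(cert_path, 'w') { |f| f.write(cert) } # closed (and flushed) before anything points at it
current = "#{File.dirname(cert_path)}/current.crt"
if File.file?(current) && !File.symlink?(current)
  raise 'Could not place symlink for "current.crt" because that is already a normal file.'
end
tmp_link = "#{current}.tmp"
File.unlink(tmp_link) if File.symlink?(tmp_link) # leftover from an interrupted run
File.symlink(File.basename(cert_path), tmp_link)
File.rename(tmp_link, current) # atomic replace; also creates current.crt on first run
return cert
```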
@@ -288,6 +283,7 @@ ensure_cert_dir(cert_dir)
acme_threads = []
# iterate over configured certs
# TODO: make this one thread per cert
+# TODO: check all domains for apex domain, deploy challenges for one apex_domain all at once
config['certs'].each_pair do |cert_name, cert_opts|
acme_threads << Thread.new(cert_name, cert_opts) do |cert_name, cert_opts|
ensure_cert_dir(cert_dir + cert_name)
@@ -334,6 +330,7 @@ config['certs'].each_pair do |cert_name, cert_opts|
if order.status != 'ready'
p "Cert #{cert_name}: Order is not ready, we need to authorize first"
+ # TODO: collect dns modifications per primary NS, update all at once
p "Cert #{cert_name}: Iterating over required authorizations"
begin
retries ||= 0
@@ -357,7 +354,7 @@ config['certs'].each_pair do |cert_name, cert_opts|
primary_ns = config.dig('domains', auth.domain, 'primary_ns') || config.dig('defaults', 'domains', 'primary_ns')
deploy_dns01_challenge_token(auth.domain, challenge, primary_ns, config)
wait_for_challenge_propagation(auth.domain, challenge)
- wait_for_challenge_validation(challenge)
+ wait_for_challenge_validation(challenge, cert_name)
end
else
p "Cert #{cert_name}: Order is ready, we don’t need to authorize"