From 8501b85e09c02f9bd18e8f73453a327ddf7c12e1 Mon Sep 17 00:00:00 2001
From: Hendrik Jäger
Date: Sat, 3 Feb 2024 13:38:31 +0100
Subject: change: use generic wrapper function for handling acme requests to retry on invalid nonce errors
---
 macir.rb | 90 +++++++++++++---------------------------------------------------
 1 file changed, 18 insertions(+), 72 deletions(-)
diff --git a/macir.rb b/macir.rb
index f371c36..8331da4 100644
--- a/macir.rb
+++ b/macir.rb
@@ -185,29 +185,24 @@ def wait_for_challenge_propagation(domain, challenge)
 threads.each(&:join)
 end
+def acme_request_with_retries
+ retries ||= 0
+ yield
+rescue Acme::Client::Error::BadNonce
+ retries += 1
+ p 'Retrying because of invalid nonce.'
+ retry if retries <= 5
+end
+
 def wait_for_challenge_validation(challenge, cert_name)
 p 'Requesting validation of challenge'
- begin
- retries ||= 0
- challenge.request_validation
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { challenge.request_validation }
 while challenge.status == 'pending'
 p "Cert #{cert_name}: Sleeping because challenge validation is pending"
 sleep(0.1)
 p 'Checking again'
- begin
- retries ||= 0
- challenge.reload
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { challenge.reload }
 end
 end
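Review bot: `acme_request_with_retries` swallows `Acme::Client::Error::BadNonce` once the retry budget is spent: when `retries` exceeds 5 the `retry if retries <= 5` modifier evaluates to nil, the rescue clause completes normally, and the method returns nil as if the ACME request had succeeded — so `cert = acme_request_with_retries { order.certificate }` in the next hunk and `order = …` / `auths = …` in the two after it continue with nil instead of failing. Add `raise` as the last line of the rescue clause, directly after `retry if retries <= 5`, so the original error propagates once retries are exhausted. The inline begin/rescue blocks being replaced had the same fall-through, so this is inherited rather than introduced, but the single wrapper is the natural place to fix it once for every call site. A header comment such as `# Yields to run one ACME request, retrying up to 5 times on BadNonce before re-raising.` would make the contract explicit for callers.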
@@ -221,45 +216,17 @@ def get_cert(order, cert_name, domains, domain_key)
 subject: { common_name: domains[0] }
 )
 p "Cert #{cert_name}: Finalize cert order"
- begin
- retries ||= 0
- order.reload
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
- begin
- retries ||= 0
- order.finalize(csr: csr)
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { order.reload }
+ acme_request_with_retries { order.finalize(csr: csr) }
 while order.status == 'processing'
 p "Cert #{cert_name}: Sleep while order is processing"
 sleep(0.1)
 p "Cert #{cert_name}: Rechecking order status"
- begin
- retries ||= 0
- order.reload
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { order.reload }
 end
 # p "order status: #{order.status}"
 # pp order
- begin
- retries ||= 0
- cert = order.certificate
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ cert = acme_request_with_retries { order.certificate }
 p "Cert #{cert_name}: Writing cert"
 cert_file = File.new("#{path}#{Time.now.to_i}.crt", 'w')
@@ -305,24 +272,10 @@ config['certs'].each_pair do |cert_name, cert_opts|
 p "Cert #{cert_name}: Creating client object for communication with CA"
 client = Acme::Client.new(private_key: private_key, directory: acme_directory_url)
- begin
- retries ||= 0
- client.new_account(contact: "mailto:#{email}", terms_of_service_agreed: true)
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { client.new_account(contact: "mailto:#{email}", terms_of_service_agreed: true) }
 p "Cert #{cert_name}: Creating order object for cert #{cert_name}"
- begin
- retries ||= 0
- order = client.new_order(identifiers: cert_opts['domain_names'])
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ order = acme_request_with_retries { client.new_order(identifiers: cert_opts['domain_names']) }
 p "Cert #{cert_name}: order status"
 p order.status
@@ -332,14 +285,7 @@ config['certs'].each_pair do |cert_name, cert_opts|
 # TODO: collect dns modifications per primary NS, update all at once
 p "Cert #{cert_name}: Iterating over required authorizations"
- begin
- retries ||= 0
- auths = order.authorizations
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ auths = acme_request_with_retries { order.authorizations }
 auths.each do |auth|
 p "Cert #{cert_name}: Processing authorization for #{auth.domain}"
 p "Cert #{cert_name}: Finding challenge type for #{auth.domain}"
--
cgit v1.2.3