From 61820840e06d4614e96e4c3834b2d9e294d7c74b Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 4 Jan 2018 14:31:18 +1000 Subject: [PATCH] Use the letsencrypt renewal process --- manager/src/backend/internal/ssl.js | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/manager/src/backend/internal/ssl.js b/manager/src/backend/internal/ssl.js index 8a3f6536..eb1a6602 100644 --- a/manager/src/backend/internal/ssl.js +++ b/manager/src/backend/internal/ssl.js @@ -39,11 +39,14 @@ const internalSsl = { // This host is due to expire in 1 day, time to renew logger.info('Host ' + host.hostname + ' is due for SSL renewal'); - internalSsl.configureSsl(host) + internalSsl.renewSsl(host) .then(() => { - return internalNginx.generateConfig(host); + // Certificate was requested ok, update the timestamp on the host + db.hosts.update({_id: host._id}, {ssl_expires: timestamp.now('+90d')}, { + multi: false, + upsert: false + }); }) - .then(internalNginx.reload) .then(next) .catch(err => { logger.error(err); @@ -88,6 +91,20 @@ const internalSsl = { }); }, + /** + * @param {Object} host + * @returns {Promise} + */ + renewSsl: host => { + logger.info('Renewing SSL certificates for ' + host.hostname); + + return utils.exec('/usr/bin/letsencrypt renew --force-renewal --disable-hook-validation --cert-name "' + host.hostname + '"') + .then(result => { + logger.info(result); + return result; + }); + }, + /** * @param {Object} host * @returns {Promise}