|
|
@@ -26,10 +26,11 @@ function omissions() {
|
|
|
|
|
|
const internalCertificate = {
|
|
|
|
|
|
- allowedSslFiles: ['certificate', 'certificate_key', 'intermediate_certificate'],
|
|
|
- intervalTimeout: 1000 * 60 * 60, // 1 hour
|
|
|
- interval: null,
|
|
|
- intervalProcessing: false,
|
|
|
+ allowedSslFiles: ['certificate', 'certificate_key', 'intermediate_certificate'],
|
|
|
+ intervalTimeout: 1000 * 60 * 60, // 1 hour
|
|
|
+ interval: null,
|
|
|
+ intervalProcessing: false,
|
|
|
+ renewBeforeExpirationBy: [7, 'days'],
|
|
|
|
|
|
initTimer: () => {
|
|
|
logger.info('Let\'s Encrypt Renewal Timer initialized');
|
|
|
@@ -46,58 +47,41 @@ const internalCertificate = {
|
|
|
internalCertificate.intervalProcessing = true;
|
|
|
logger.info('Renewing SSL certs close to expiry...');
|
|
|
|
|
|
- const cmd = certbotCommand + ' renew --non-interactive --quiet ' +
|
|
|
- '--config "' + letsencryptConfig + '" ' +
|
|
|
- '--work-dir "/tmp/letsencrypt-lib" ' +
|
|
|
- '--logs-dir "/tmp/letsencrypt-log" ' +
|
|
|
- '--preferred-challenges "dns,http" ' +
|
|
|
- '--disable-hook-validation ' +
|
|
|
- (letsencryptStaging ? '--staging' : '');
|
|
|
-
|
|
|
- return utils.exec(cmd)
|
|
|
- .then((result) => {
|
|
|
- if (result) {
|
|
|
- logger.info('Renew Result: ' + result);
|
|
|
+ const expirationThreshold = moment().add(internalCertificate.renewBeforeExpirationBy[0], internalCertificate.renewBeforeExpirationBy[1]).format('YYYY-MM-DD HH:mm:ss');
|
|
|
+
|
|
|
+ // Fetch all the letsencrypt certs from the db that will expire within 7 days
|
|
|
+ certificateModel
|
|
|
+ .query()
|
|
|
+ .where('is_deleted', 0)
|
|
|
+ .andWhere('provider', 'letsencrypt')
|
|
|
+ .andWhere('expires_on', '<', expirationThreshold)
|
|
|
+ .then((certificates) => {
|
|
|
+ if (!certificates || !certificates.length) {
|
|
|
+ return null;
|
|
|
}
|
|
|
|
|
|
- return internalNginx.reload()
|
|
|
- .then(() => {
|
|
|
- logger.info('Renew Complete');
|
|
|
- return result;
|
|
|
- });
|
|
|
- })
|
|
|
- .then(() => {
|
|
|
- // Now go and fetch all the letsencrypt certs from the db and query the files and update expiry times
|
|
|
- return certificateModel
|
|
|
- .query()
|
|
|
- .where('is_deleted', 0)
|
|
|
- .andWhere('provider', 'letsencrypt')
|
|
|
- .then((certificates) => {
|
|
|
- if (certificates && certificates.length) {
|
|
|
- let promises = [];
|
|
|
-
|
|
|
- certificates.map(function (certificate) {
|
|
|
- promises.push(
|
|
|
- internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem')
|
|
|
- .then((cert_info) => {
|
|
|
- return certificateModel
|
|
|
- .query()
|
|
|
- .where('id', certificate.id)
|
|
|
- .andWhere('provider', 'letsencrypt')
|
|
|
- .patch({
|
|
|
- expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
|
|
|
- });
|
|
|
- })
|
|
|
- .catch((err) => {
|
|
|
- // Don't want to stop the train here, just log the error
|
|
|
- logger.error(err.message);
|
|
|
- })
|
|
|
- );
|
|
|
- });
|
|
|
+ let promises = [];
|
|
|
+
|
|
|
+ certificates.forEach(function (certificate) {
|
|
|
+ const promise = internalCertificate
|
|
|
+ .renew(
|
|
|
+ {
|
|
|
+ can: () =>
|
|
|
+ Promise.resolve({
|
|
|
+ permission_visibility: 'all',
|
|
|
+ }),
|
|
|
+ },
|
|
|
+ { id: certificate.id },
|
|
|
+ )
|
|
|
+ .catch((err) => {
|
|
|
+ // Don't want to stop the train here, just log the error
|
|
|
+ logger.error(err.message);
|
|
|
+ });
|
|
|
|
|
|
- return Promise.all(promises);
|
|
|
- }
|
|
|
- });
|
|
|
+ promises.push(promise);
|
|
|
+ });
|
|
|
+
|
|
|
+ return Promise.all(promises);
|
|
|
})
|
|
|
.then(() => {
|
|
|
internalCertificate.intervalProcessing = false;
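Review bot: The access object built inline in the `certificates.forEach` callback has a `can` that resolves `permission_visibility: 'all'` for whatever permission it is asked about, so the timer path goes through `internalCertificate.renew` with the authorization check effectively switched off. I would hoist it into a single named constant that approves only the permission `renew` actually checks and rejects anything else, with a comment such as `// System job: no user session here, so this stub stands in for the access check and must stay limited to renewals`. The body of `renew` is outside this hunk, so it is worth confirming it reads nothing but `can` from the access object; a failure there would surface only as the `err.message` line in the `.catch`. The renewals are also all started at once under `Promise.all`; if `renew` shells out to certbot the way the removed `utils.exec(cmd)` did, parallel runs may contend for certbot's lock files, so running them one after another would be safer. The enclosing function starts and ends outside the hunk, and the new `certificateModel` chain is no longer returned the way `return utils.exec(cmd)` was, which is worth checking against any caller that waits on the result.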
|