fix bug that didnt disable http, remove old services

LuKe Tidd 2025-03-22 13:28:40 -04:00
parent e31ec00d3d
commit 1e0ca4c7d5
Signed by: luke
GPG Key ID: 75D6600BEF4E8E8F


@ -24,14 +24,10 @@ server_user = 'luke'
domain = 'drheck.dev' domain = 'drheck.dev'
supported_services = [ supported_services = [
'chat',
'git', 'git',
'jellyfin',
'nextcloud',
'photoprism', 'photoprism',
'plex', 'plex',
'read', 'read',
'sync',
'www', 'www',
] ]
@ -75,7 +71,7 @@ remote = {
} }
def firewall_mod(state, service, decrypt_pp): def firewall_mod(state, service, decrypt_pp):
os.environ['state'] = 'HTTP_UP' os.environ['state'] = state
os.environ['ssl_service'] = service os.environ['ssl_service'] = service
cmd = ['/usr/bin/ssh', '-i', firewall_key, '-o', cmd = ['/usr/bin/ssh', '-i', firewall_key, '-o',
'SendEnv=state', '-o', 'SendEnv=ssl_service', '-l', firewall_user, 'SendEnv=state', '-o', 'SendEnv=ssl_service', '-l', firewall_user,
@ -236,20 +232,21 @@ def run_cert_bot(fqdn, service, challenge_path, decrypt_pp):
cb.logfile = sys.stderr cb.logfile = sys.stderr
do_update = True do_update = True
matches = [ matches = [
'Create a file containing just this data:\r\n\r\n([^\r]+)\r', 'Create a file containing just this data:\r\n\r\n([^\r]+)\r', # 0
('You have an existing certificate that has exactly the ' ('You have an existing certificate that has exactly the ' # 1
"same domains or certificate name you requested and isn't " "same domains or certificate name you requested and isn't "
'close to expiry'), 'close to expiry'),
'(U)pdate key type/(K)eep existing key type:', '(U)pdate key type/(K)eep existing key type:', # 2
'no action taken', 'no action taken', # 3
'No such authorization', # 4
pexpect.TIMEOUT, pexpect.TIMEOUT,
pexpect.EOF] pexpect.EOF]
while True: while True:
res = cb.expect(matches, timeout=20) res = cb.expect(matches, timeout=20)
print(f'\nresult: {matches[res]}, {res}') print(f'\nresult: {matches[res]}, {res}')
if res > 3: if res > 4:
sys.exit('Timed out') sys.exit('Timed out')
if res == 3: if res == 3 or res == 4:
do_update = False do_update = False
break break
if res == 2: if res == 2:
@ -365,8 +362,8 @@ def run_cert_bot(fqdn, service, challenge_path, decrypt_pp):
def main(args): def main(args):
logging.basicConfig(level=os.environ.get("LOGLEVEL", "WARNING")) # logging.basicConfig(level=os.environ.get("LOGLEVEL", "WARNING"))
#logging.basicConfig(level=os.environ.get("LOGLEVEL", "INFO")) logging.basicConfig(level=os.environ.get("LOGLEVEL", "INFO"))
log.info(f'program start: {sys.argv}') log.info(f'program start: {sys.argv}')
if len(args) != 1: if len(args) != 1:
sys.exit(f'Give a service to renew: {", ".join(supported_services)} ') sys.exit(f'Give a service to renew: {", ".join(supported_services)} ')
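Review bot: In the run_cert_bot hunk, `if res > 4: sys.exit('Timed out')` ends the process from inside the expect loop, and nothing visible in this diff shows the firewall being put back to its closed state on that path. Since this commit exists because HTTP was left enabled, confirm that the caller wraps the `HTTP_UP` / certbot sequence in `try: ... finally:` with the closing `firewall_mod(...)` call in the `finally`, so that a timeout or EOF cannot leave HTTP open. The same branch reports `pexpect.EOF` as 'Timed out'. The new `res == 4` case ('No such authorization') is folded into the 'no action taken' path, so a failed authorization looks the same as a certificate that was not due; adding `log.warning('certbot: %s', matches[res])` before the `break` would keep the failure visible. run_cert_bot starts and ends outside the hunk.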