fix bug that didnt disable http, remove old services

2025-03-22 13:28:40 -04:00 · 2025-03-22 13:28:40 -04:00 · 1e0ca4c7d5
commit 1e0ca4c7d5
parent e31ec00d3d
1 changed files with 10 additions and 13 deletions
--- a/ssl-update.py
+++ b/ssl-update.py
@ -24,14 +24,10 @@ server_user = 'luke'
 domain = 'drheck.dev'

 supported_services = [
-  'chat',
  'git',
-  'jellyfin',
-  'nextcloud',
  'photoprism',
  'plex',
  'read',
-  'sync',
  'www',
 ]

@ -75,7 +71,7 @@ remote = {
 }

 def firewall_mod(state, service, decrypt_pp):
-  os.environ['state'] = 'HTTP_UP'
+  os.environ['state'] = state
  os.environ['ssl_service'] = service
  cmd = ['/usr/bin/ssh', '-i', firewall_key, '-o',
         'SendEnv=state', '-o', 'SendEnv=ssl_service', '-l', firewall_user,
@ -236,20 +232,21 @@ def run_cert_bot(fqdn, service, challenge_path, decrypt_pp):
  cb.logfile = sys.stderr
  do_update = True
  matches = [
-      'Create a file containing just this data:\r\n\r\n([^\r]+)\r',
-      ('You have an existing certificate that has exactly the '
+      'Create a file containing just this data:\r\n\r\n([^\r]+)\r', # 0
+      ('You have an existing certificate that has exactly the '     # 1
       "same domains or certificate name you requested and isn't "
       'close to expiry'),
-      '(U)pdate key type/(K)eep existing key type:',
-      'no action taken',
+      '(U)pdate key type/(K)eep existing key type:',                # 2
+      'no action taken',                                            # 3
+      'No such authorization',                                      # 4
      pexpect.TIMEOUT,
      pexpect.EOF]
  while True:
    res = cb.expect(matches, timeout=20)
    print(f'\nresult: {matches[res]}, {res}')
-    if res > 3:
+    if res > 4:
      sys.exit('Timed out')
-    if res == 3:
+    if res == 3 or res == 4:
      do_update = False
      break
    if res == 2:
@ -365,8 +362,8 @@ def run_cert_bot(fqdn, service, challenge_path, decrypt_pp):


 def main(args):
-  logging.basicConfig(level=os.environ.get("LOGLEVEL", "WARNING"))
-  #logging.basicConfig(level=os.environ.get("LOGLEVEL", "INFO"))
+  # logging.basicConfig(level=os.environ.get("LOGLEVEL", "WARNING"))
+  logging.basicConfig(level=os.environ.get("LOGLEVEL", "INFO"))
  log.info(f'program start: {sys.argv}')
  if len(args) != 1:
    sys.exit(f'Give a service to renew: {", ".join(supported_services)} ')