cont the remaining workflow even if the cert is too new to refresh

ssl-update.py

@@ -40,8 +40,8 @@ restart_delay = {
 }
 
 pfx_key_path = {
-    'plex': '/data/plex/certs/certificate.pfx',
+    'plex': pathlib.Path('/data/plex/certs/certificate.pfx'),
-    'jellyfin': '/data/jellyfin/ssl/jellyfin.pfx',
+    'jellyfin': pathlib.Path('/data/jellyfin/ssl/jellyfin.pfx'),
 }
 
 # Cert owning user if different than the name of the service
@@ -163,7 +163,7 @@ def pfx_gen(service):
   except KeyError:
     sys.exit(f'{service} has no defined private key path.')
 
-  cmd = ['/usr/bin/openssl', 'pkcs12', '-export', '-out', pkp,
+  cmd = ['/usr/bin/openssl', 'pkcs12', '-export', '-out', str(pkp),
          '-inkey', f'/etc/letsencrypt/live/{service}.{domain}/privkey.pem',
          '-in', f'/etc/letsencrypt/live/{service}.{domain}/cert.pem',
          '-certfile', f'/etc/letsencrypt/live/{service}.{domain}/chain.pem']
@@ -234,15 +234,24 @@ def run_cert_bot(fqdn, service, challenge_path, decrypt_pp):
   log.info(f'certbot cmd: "{" ".join(cmd)}"')
   cb = pexpect.spawnu(' '.join(cmd))
   cb.logfile = sys.stderr
-  while True:
+  do_update = True
-    res = cb.expect(
+  matches = [
-        ['Create a file containing just this data:\r\n\r\n([^\r]+)\r',
+      'Create a file containing just this data:\r\n\r\n([^\r]+)\r',
       ('You have an existing certificate that has exactly the '
        "same domains or certificate name you requested and isn't "
-          'close to expiry'),'(U)pdate key type/(K)eep existing key type:',
+       'close to expiry'),
-          pexpect.TIMEOUT, pexpect.EOF], timeout=20)
+      '(U)pdate key type/(K)eep existing key type:',
-    if res > 2:
+      'no action taken',
+      pexpect.TIMEOUT,
+      pexpect.EOF]
+  while True:
+    res = cb.expect(matches, timeout=20)
+    print(f'\nresult: {matches[res]}, {res}')
+    if res > 3:
       sys.exit('Timed out')
+    if res == 3:
+      do_update = False
+      break
     if res == 2:
       cb.sendline('U')
       continue
@@ -251,15 +260,17 @@ def run_cert_bot(fqdn, service, challenge_path, decrypt_pp):
       res = cb.expect_exact(['cancel):', pexpect.TIMEOUT, pexpect.EOF])
       if res > 0:
         sys.exit('Timed out in setup with existing cert')
-      cb.sendline('2')
+      cb.sendline('1')
-      res = cb.expect(
+      continue
-          ['Create a file containing just this data:\r\n\r\n([^\r]+)\r',
+      # res = cb.expect(
-           pexpect.TIMEOUT, pexpect.EOF], timeout=20)
+      #     ['Create a file containing just this data:\r\n\r\n([^\r]+)\r',
-      if res > 1:
+      #      pexpect.TIMEOUT, pexpect.EOF], timeout=20)
-        sys.exit('Timed out')
+      # if res > 1:
+      #   sys.exit('Timed out')
     if res == 0:
       break
 
+  if do_update:
     data = cb.match.group(1)
     log.info(f'secret data: {data}')
     log.info('the data string and location for the shared secret are known')
@@ -372,9 +383,6 @@ def main(args):
 
   fqdn = f'{service}.{domain}'
   log.info(f'fqdn: {fqdn}')
-  # Dry run:
-  # cmd = ['/usr/bin/certbot', '--dry-run', 'certonly', '--manual', '-d', fqdn]
-  # Real run:
   run_cert_bot(fqdn, service, challenge_path, decrypt_pp)
   restart(service)
 

update_all

@@ -3,9 +3,9 @@
 declare -a services
 services+=('git')
 services+=('plex')
-# services+=('jellyfin')
+services+=('jellyfin')
 services+=('photoprism')
-services+=('nextcloud')
+# services+=('nextcloud')
 services+=('read')
 services+=('www')
 services+=('chat')