Use the letsencrypt renewal process

2018-01-04 14:31:18 +10:00 · 2018-01-04 14:31:18 +10:00 · 61820840e0
commit 61820840e0
parent 91c2281237
1 changed files with 20 additions and 3 deletions
--- a/manager/src/backend/internal/ssl.js
+++ b/manager/src/backend/internal/ssl.js
@ -39,11 +39,14 @@ const internalSsl = {
                            // This host is due to expire in 1 day, time to renew
                            logger.info('Host ' + host.hostname + ' is due for SSL renewal');

-                            internalSsl.configureSsl(host)
+                            internalSsl.renewSsl(host)
                                .then(() => {
-                                    return internalNginx.generateConfig(host);
+                                    // Certificate was requested ok, update the timestamp on the host
+                                    db.hosts.update({_id: host._id}, {ssl_expires: timestamp.now('+90d')}, {
+                                        multi:  false,
+                                        upsert: false
+                                    });
                                })
-                                .then(internalNginx.reload)
                                .then(next)
                                .catch(err => {
                                    logger.error(err);
@ -88,6 +91,20 @@ const internalSsl = {
            });
    },

+    /**
+     * @param   {Object}  host
+     * @returns {Promise}
+     */
+    renewSsl: host => {
+        logger.info('Renewing SSL certificates for ' + host.hostname);
+
+        return utils.exec('/usr/bin/letsencrypt renew --force-renewal --disable-hook-validation --cert-name "' + host.hostname + '"')
+            .then(result => {
+                logger.info(result);
+                return result;
+            });
+    },
+
    /**
     * @param   {Object}  host
     * @returns {Promise}