Fixes

fredrikekre · fredrikekre · commit d01a19d6f31c · 2025-05-22T16:08:06.000+02:00
diff --git a/examples/config.yml b/examples/config.yml
@@ -6,9 +6,6 @@ nginx-certbot:
   # Certificate renewal interval. Falls back to the RENEWAL_INTERVAL environment variable
   # or, if that is unset, to '8d'.
   renewal-interval: 8d
-  # Boolean to enable nginx debug mode and more verbose logging output. Falls back to the
-  # DEBUG environment variable or, if that is unset, to 'false'.
-  debug: false
 
 # Certbot parameters.
 certbot:
diff --git a/src/scripts/create_dhparams.sh b/src/scripts/create_dhparams.sh
@@ -11,6 +11,15 @@ set -e
 # The created file should be stored somewhere under /etc/letsencrypt/dhparams/
 # to ensure persistence between restarts.
 create_dhparam() {
+    # Read dhparam-size from config file, falling back to DHPARAM_SIZE environment variable.
+    local CONFIG_FILE="${NGINX_CERTBOT_CONFIG_FILE:-/etc/nginx-certbot/config.yml}"
+    if [ -f "${CONFIG_FILE}" ]; then
+        YAML_DHPARAM_SIZE=$(shyaml get-value nginx-certbot.dhparam-size '' < "${CONFIG_FILE}")
+        if [ -n "${YAML_DHPARAM_SIZE}" ]; then
+            DHPARAM_SIZE=${YAML_DHPARAM_SIZE}
+            debug "Using nginx-certbot.dhparam-size=${DHPARAM_SIZE} from config file."
+        fi
+    fi
     if [ -z "${DHPARAM_SIZE}" ]; then
         debug "DHPARAM_SIZE unset, using default of 2048 bits"
         DHPARAM_SIZE=2048
diff --git a/src/scripts/run_certbot.sh b/src/scripts/run_certbot.sh
@@ -8,6 +8,7 @@ info "Starting certificate renewal process"
 
 # If we have a config file we parse it and let definitions within take
 # precedence over any environment variables.
+CONFIG_FILE="${NGINX_CERTBOT_CONFIG_FILE:-/etc/nginx-certbot/config.yml}"
 if [ -f "${CONFIG_FILE}" ]; then
     certbot_authenticator="$(shyaml get-value certbot.authenticator '' < "${CONFIG_FILE}")"
     certbot_elliptic_curve="$(shyaml get-value certbot.elliptic-curve '' < "${CONFIG_FILE}")"
diff --git a/src/scripts/start_nginx_certbot.sh b/src/scripts/start_nginx_certbot.sh
@@ -21,37 +21,18 @@ trap "clean_exit" EXIT
 # Source "util.sh" so we can have our nice tools.
 . "$(cd "$(dirname "$0")"; pwd)/util.sh"
 
-# Configuration file
-if [ -n "${NGINX_CERTBOT_CONFIG_FILE}" ] && [ ! -f "${NGINX_CERTBOT_CONFIG_FILE}" ]; then
-    # If the variable is set but the file doesn't exist we error out since this
-    # is most likely a user error.
-    error "NGINX_CERTBOT_CONFIG_FILE is configured but '${NGINX_CERTBOT_CONFIG_FILE}' does not exist, exiting"
-    exit 1
-fi
-export CONFIG_FILE="${NGINX_CERTBOT_CONFIG_FILE:-/etc/nginx-certbot/config.yml}"
-
-# If the config file exist we extract configuration from it and override any corresponding environment variables:
-#   - nginx-certbot.debug overrides DEBUG
-#   - nginx-certbot.dhparam-size overrides DHPARAM_SIZE
-#   - nginx-certbot.renewal-interval overrides RENEWAL_INTERVAL
-if [ -f "${CONFIG_FILE}" ]; then
-    debug "Configuration file '${CONFIG_FILE}' exist."
-    YAML_DEBUG=$(shyaml get-value nginx-certbot.debug '' < "${CONFIG_FILE}")
-    if [ "${YAML_DEBUG}" == "True" ] || [ "${YAML_DEBUG}" == "1" ]; then
-        export DEBUG=1
-    elif [ "${YAML_DEBUG}" == "False" ] || [ "${YAML_DEBUG}" == "0" ]; then
-        export DEBUG=0
-    fi
-    YAML_DHPARAM_SIZE=$(shyaml get-value nginx-certbot.dhparam-size '' < "${CONFIG_FILE}")
-    if [ -n "${YAML_DHPARAM_SIZE}" ]; then
-        export DHPARAM_SIZE=${YAML_DHPARAM_SIZE}
-    fi
-    YAML_RENEWAL_INTERVAL=$(shyaml get-value nginx-certbot.renewal-interval '' < "${CONFIG_FILE}")
-    if [ -n "${YAML_RENEWAL_INTERVAL}" ]; then
-        export RENEWAL_INTERVAL=${YAML_RENEWAL_INTERVAL}
+# Configuration file from NGINX_CERTBOT_CONFIG_FILE environment variable. We make some noise
+# here during startup if the variable is set to a file that doesn't exist since this is most
+# likely a user error.
+CONFIG_FILE="${NGINX_CERTBOT_CONFIG_FILE:-/etc/nginx-certbot/config.yml}"
+if [ ! -f "${CONFIG_FILE}" ]; then
+    if [ -n "${NGINX_CERTBOT_CONFIG_FILE}" ]; then
+        warning "NGINX_CERTBOT_CONFIG_FILE is configured but '${CONFIG_FILE}' does not exist."
+    else
+        debug "Configuration file '${CONFIG_FILE}' doesn't exist."
     fi
 else
-    debug "Configuration file '${CONFIG_FILE}' doesn't exist. Falling back to environment variables and default values."
+    debug "Configuration file '${CONFIG_FILE}' exist."
 fi
 
 # If the environment variable `DEBUG=1` is set, then this message is printed.
@@ -76,6 +57,15 @@ fi
 debug "PID of the main Nginx process: ${NGINX_PID}"
 
 # Make sure a renewal interval is set before continuing.
+# If we have a config file with 'nginx-certbot.renewal-interval' set we let that override
+# the RENEWAL_INTERVAL environment variable
+if [ -f "${CONFIG_FILE}" ]; then
+    YAML_RENEWAL_INTERVAL=$(shyaml get-value nginx-certbot.renewal-interval '' < "${CONFIG_FILE}")
+    if [ -n "${YAML_RENEWAL_INTERVAL}" ]; then
+        RENEWAL_INTERVAL=${YAML_RENEWAL_INTERVAL}
+        debug "Using nginx-certbot.renewal-interval=${RENEWAL_INTERVAL} from config file."
+    fi
+fi
 if [ -z "${RENEWAL_INTERVAL}" ]; then
     debug "RENEWAL_INTERVAL unset, using default of '8d'"
     RENEWAL_INTERVAL='8d'
