Merge pull request #60 from linuxserver/zerocheck

aptalca · web-flow · commit d9f3a34a429f · 2021-01-20T10:41:21.000-05:00
Add check for ZeroSSL EAB retrieval
diff --git a/README.md b/README.md
@@ -326,6 +326,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **20.01.21:** - Add check for ZeroSSL EAB retrieval.
 * **08.01.21:** - Add support for getting certs from [ZeroSSL](https://zerossl.com/) via optional `CERTPROVIDER` env var. Update aliyun, domeneshop, inxw and transip dns plugins with the new plugin names. Hide `donoteditthisfile.conf` because users were editing it despite its name. Suppress harmless error when no proxy confs are enabled.
 * **03.01.21:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) /config/nginx/site-confs/default - Add helper pages to aid troubleshooting
 * **10.12.20:** - Add support for njalla dns validation
diff --git a/readme-vars.yml b/readme-vars.yml
@@ -151,6 +151,7 @@ app_setup_nginx_reverse_proxy_block: ""
 
 # changelog
 changelogs:
+  - { date: "20.01.21:", desc: "Add check for ZeroSSL EAB retrieval." }
   - { date: "08.01.21:", desc: "Add support for getting certs from [ZeroSSL](https://zerossl.com/) via optional `CERTPROVIDER` env var. Update aliyun, domeneshop, inxw and transip dns plugins with the new plugin names. Hide `donoteditthisfile.conf` because users were editing it despite its name. Suppress harmless error when no proxy confs are enabled." }
   - { date: "03.01.21:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) /config/nginx/site-confs/default - Add helper pages to aid troubleshooting" }
   - { date: "10.12.20:", desc: "Add support for njalla dns validation" }
diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config
@@ -255,6 +255,10 @@ if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "
     REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=$ORIGEMAIL")
     REV_ZEROSSL_EAB_KID=$(echo "$REV_EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
     REV_ZEROSSL_EAB_HMAC_KEY=$(echo "$REV_EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
+    if [ -z "$REV_ZEROSSL_EAB_KID" ] || or [ -z "$REV_ZEROSSL_EAB_HMAC_KEY" ]; then
+      echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
+      sleep infinity
+    fi
     REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
   elif [ "$ORIGSTAGING" = "true" ]; then
     REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
@@ -283,6 +287,10 @@ if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then
     EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=$EMAIL")
     ZEROSSL_EAB_KID=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
     ZEROSSL_EAB_HMAC_KEY=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
+    if [ -z "$ZEROSSL_EAB_KID" ] || or [ -z "$ZEROSSL_EAB_HMAC_KEY" ]; then
+      echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
+      sleep infinity
+    fi
     ZEROSSL_EAB="--eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}"
   fi
   echo "Generating new certificate"
