In the current implementation, the config change trigger is no longer set
at boot time. This is because during boot, only the '$CHALLENGE_DIR' is
created by the boot function. The 'start_service' function is first called
by the first cron call at midnight, and only that call installs the
service_triggers reload handling.
To fix this, add a new extra_command 'renew' that is responsible for
renewing the ACME certificates. This function is called from cron, and the
start_service function does the rest:
* Create directories
* Install service reload trigger from acme config change
Fixes: 76f17ab15b (acme-common: Create challenge directory on boot)
Signed-off-by: Florian Eckert <[email protected]>
# shellcheck source=net/acme/files/functions.sh
. "$IPKG_INSTROOT/usr/lib/acme/functions.sh"
+extra_command "renew" "Start a certificate renew"
+
cleanup() {
log debug "cleaning up"
if [ -e $run_dir/lock ]; then
start_service() {
mkdir -p $run_dir
+ mkdir -p "$CHALLENGE_DIR"
+
+ grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null || {
+ echo "0 0 * * * /etc/init.d/acme renew" >>/etc/crontabs/root
+ }
+}
+
+service_started() {
+ echo "Certificate renewal enabled via cron. To renew now, run '/etc/init.d/acme renew'."
+}
+
+service_triggers() {
+ procd_add_config_trigger config.change acme \
+ /etc/init.d/acme renew
+}
+
+renew() {
exec 200>$run_dir/lock
if ! flock -n 200; then
log err "Another ACME instance is already running."
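Review bot: `renew()` opens its lock with `exec 200>$run_dir/lock`, but after this change the only visible `mkdir -p $run_dir` is in `start_service`, so a `renew` run from cron or by hand in a boot where `start_service` has not run would fail at that redirection (assuming `$run_dir` is on volatile storage; its definition is outside the hunk). Creating the directory at the top of `renew` removes the ordering dependency: `mkdir -p "$run_dir"`. The crontab line appended in `start_service` also has no visible removal path, so it is worth confirming that stopping or disabling the service drops it; otherwise renewals keep being attempted for a service the administrator has turned off. The body of `renew` continues outside this hunk.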
config_foreach get_cert cert
}
-
-service_triggers() {
- procd_add_config_trigger config.change acme \
- /etc/init.d/acme start
-}
-
-boot() {
- mkdir -p "$CHALLENGE_DIR"
- return 0
-}
config_foreach handle_cert cert
uci_commit
-grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null && exit 0
-echo "0 0 * * * /etc/init.d/acme start" >>/etc/crontabs/root
+# Migrate '/etc/init.d/acme start' to '/etc/init.d/acme renew'
+grep -q '/etc/init.d/acme start' /etc/crontabs/root 2>/dev/null && {
+ echo "0 0 * * * /etc/init.d/acme renew" >>/etc/crontabs/root
+}
+
+exit 0
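Review bot: The migration block appends a `renew` entry but leaves the old `/etc/init.d/acme start` line in `/etc/crontabs/root`, so after an upgrade both jobs remain scheduled at midnight. Because the old line still matches the `grep`, the script would also append another `renew` line if it were ever run again. Rewriting the existing entry in place keeps the crontab to a single job and makes the step idempotent: `sed -i 's|/etc/init.d/acme start|/etc/init.d/acme renew|' /etc/crontabs/root`. The beginning of this script is outside the hunk.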