Simplify certificate renewal scripts and add certbot cleanup
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 59s
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 59s
Simplified all certificate renewal scripts to be more straightforward and reliable: - Scripts now just run certbot renew and copy cert+key files to HAProxy format - Removed overly complex retry logic and error handling - Both in-container and host-side scripts work with cron scheduling Added automatic certbot cleanup when domains are removed: - When a domain is deleted via API, certbot certificate is also removed - Prevents renewal errors for domains that no longer exist in HAProxy - Cleans up both HAProxy combined cert and Let's Encrypt certificate Script changes: - renew-certificates.sh: Simplified to 87 lines (from 215) - sync-certificates.sh: Simplified to 79 lines (from 200+) - host-renew-certificates.sh: Simplified to 36 lines (from 40) - All scripts use same pattern: query DB, copy certs, reload HAProxy Python changes: - remove_domain() now calls 'certbot delete' to remove certificates - Prevents orphaned certificates from causing renewal failures 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
@@ -1,16 +1,15 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Host-side Certificate Renewal Script
|
||||
# This script can be run from the host machine via cron to trigger certificate renewal
|
||||
# inside the HAProxy Manager container using docker exec
|
||||
# Run this from the host machine via cron to trigger certificate renewal inside the container
|
||||
|
||||
set -e
|
||||
|
||||
# Configuration - Customize these values
|
||||
# Configuration
|
||||
CONTAINER_NAME="${CONTAINER_NAME:-haproxy-manager}"
|
||||
LOG_FILE="${LOG_FILE:-/var/log/haproxy-manager-host-renewal.log}"
|
||||
|
||||
# Logging functions
|
||||
# Logging
|
||||
log_info() {
|
||||
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [INFO] $*" | tee -a "$LOG_FILE"
|
||||
}
|
||||
@@ -19,8 +18,7 @@ log_error() {
|
||||
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [ERROR] $*" | tee -a "$LOG_FILE"
|
||||
}
|
||||
|
||||
# Main execution
|
||||
log_info "Starting host-side certificate renewal process"
|
||||
log_info "Starting certificate renewal"
|
||||
|
||||
# Check if container is running
|
||||
if ! docker ps --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
|
||||
@@ -28,10 +26,9 @@ if ! docker ps --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Execute renewal script inside container
|
||||
log_info "Executing renewal script in container '${CONTAINER_NAME}'"
|
||||
# Run renewal script inside container
|
||||
if docker exec "$CONTAINER_NAME" /haproxy/scripts/renew-certificates.sh; then
|
||||
log_info "Certificate renewal completed successfully"
|
||||
log_info "Certificate renewal completed"
|
||||
exit 0
|
||||
else
|
||||
log_error "Certificate renewal failed"
|
||||
|
||||
Reference in New Issue
Block a user