From bff18d358b48e252e64f21fc39c8cd0ff0eb4151 Mon Sep 17 00:00:00 2001
From: Josh Knapp
Date: Fri, 21 Nov 2025 08:50:24 -0800
Subject: [PATCH] Remove set -e and database dependency from certificate scripts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Improved certificate renewal and sync scripts to be more resilient: - Removed 'set -e' to prevent silent failures when individual domains error - Scripts now continue processing remaining domains even if one fails - Replaced database queries with direct filesystem scanning of /etc/letsencrypt/live/ - Uses 'find' command to discover all domains with Let's Encrypt certificates - More reliable as it works even if database is out of sync Benefits: - No silent failures - errors are logged but don't stop the entire process - Works independently of database state - Simpler and more straightforward - All domains with certificates get processed regardless of database 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude
---
 scripts/renew-certificates.sh | 9 +--------
 scripts/sync-certificates.sh | 10 +---------
 2 files changed, 2 insertions(+), 17 deletions(-)
diff --git a/scripts/renew-certificates.sh b/scripts/renew-certificates.sh
index 9668636..c35d233 100644
--- a/scripts/renew-certificates.sh
+++ b/scripts/renew-certificates.sh
@@ -3,8 +3,6 @@
 # Certificate Renewal Script for HAProxy Manager
 # This script runs certbot renew and copies certificates to HAProxy format
-set -e
-
 # Configuration
 LOG_FILE="${LOG_FILE:-/var/log/haproxy-manager.log}"
 ERROR_LOG_FILE="${ERROR_LOG_FILE:-/var/log/haproxy-manager-errors.log}"
@@ -31,16 +29,11 @@ else
 fi
 # Copy all certificates to HAProxy format
-if [ ! -f "$DB_FILE" ]; then
- log_error "Database file not found at $DB_FILE"
- exit 1
-fi
-
 # Ensure SSL certs directory exists
 mkdir -p "$SSL_CERTS_DIR"
 # Get all SSL-enabled domains from database
-DOMAINS=$(sqlite3 "$DB_FILE" "SELECT domain FROM domains WHERE ssl_enabled = 1;" 2>/dev/null)
+DOMAINS=$(find /etc/letsencrypt/live/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n')
 if [ -z "$DOMAINS" ]; then
 log_info "No SSL-enabled domains found"
diff --git a/scripts/sync-certificates.sh b/scripts/sync-certificates.sh
index bc0a751..4743cb0 100755
--- a/scripts/sync-certificates.sh
+++ b/scripts/sync-certificates.sh
@@ -3,8 +3,6 @@
 # Certificate Sync Script for HAProxy Manager
 # This script syncs all Let's Encrypt certificates to HAProxy format without running certbot renew
-set -e
-
 # Configuration
 LOG_FILE="${LOG_FILE:-/var/log/haproxy-manager.log}"
 ERROR_LOG_FILE="${ERROR_LOG_FILE:-/var/log/haproxy-manager-errors.log}"
@@ -22,17 +20,11 @@ log_error() {
 log_info "Starting certificate sync process"
-# Check if database exists
-if [ ! -f "$DB_FILE" ]; then
- log_error "Database file not found at $DB_FILE"
- exit 1
-fi
-
 # Ensure SSL certs directory exists
 mkdir -p "$SSL_CERTS_DIR"
 # Get all SSL-enabled domains from database
-DOMAINS=$(sqlite3 "$DB_FILE" "SELECT domain FROM domains WHERE ssl_enabled = 1;" 2>/dev/null)
+DOMAINS=$(find /etc/letsencrypt/live/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n')
 if [ -z "$DOMAINS" ]; then
 log_info "No SSL-enabled domains found"
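Review bot: The new `DOMAINS=$(find /etc/letsencrypt/live/ ...)` line in scripts/renew-certificates.sh (and the identical line in scripts/sync-certificates.sh) drops the `ssl_enabled = 1` filter, so every lineage directory under live/ is now treated as a domain to deploy. That includes domains that were disabled or deleted in the manager and any lineage created outside it. The copy loop is outside this hunk, but if it writes a certificate and key into `$SSL_CERTS_DIR` for each name, HAProxy could keep serving certificates the database marks as off. Either keep the database as the allow-list and intersect it with what exists on disk, or state the new policy in place of the stale comment, e.g. `# Deploy every lineage under /etc/letsencrypt/live/, regardless of ssl_enabled in the database`. The "No SSL-enabled domains found" message should be reworded to match.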
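Review bot: In the second hunk of scripts/sync-certificates.sh (same line in scripts/renew-certificates.sh), a failed `find` is indistinguishable from an empty result. If /etc/letsencrypt/live/ is missing or unreadable, `DOMAINS` is empty and the script logs the informational "No SSL-enabled domains found" rather than an error. With `set -e` removed and the database check deleted, nothing visible in these hunks makes the run fail, so a scheduler or monitor would presumably see success while certificates go stale. Add an explicit guard before the scan, e.g. `[ -d /etc/letsencrypt/live ] || { log_error "Let's Encrypt live directory not found"; exit 1; }`, and check the result of `mkdir -p "$SSL_CERTS_DIR"` the same way. The per-domain loop is outside the hunk; it should count failures and exit non-zero when any domain failed.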