Remove set -e and database dependency from certificate scripts

Improved certificate renewal and sync scripts to be more resilient: - Removed 'set -e' to prevent silent failures when individual domains error - Scripts now continue processing remaining domains even if one fails - Replaced database queries with direct filesystem scanning of /etc/letsencrypt/live/ - Uses 'find' command to discover all domains with Let's Encrypt certificates - More reliable as it works even if database is out of sync Benefits: - No silent failures - errors are logged but don't stop the entire process - Works independently of database state - Simpler and more straightforward - All domains with certificates get processed regardless of database 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-21 08:50:24 -08:00
parent 1d22d789b8
commit bff18d358b
2 changed files with 2 additions and 17 deletions
--- a/scripts/renew-certificates.sh
+++ b/scripts/renew-certificates.sh
@@ -3,8 +3,6 @@
 # Certificate Renewal Script for HAProxy Manager
 # This script runs certbot renew and copies certificates to HAProxy format

-set -e
-
 # Configuration
 LOG_FILE="${LOG_FILE:-/var/log/haproxy-manager.log}"
 ERROR_LOG_FILE="${ERROR_LOG_FILE:-/var/log/haproxy-manager-errors.log}"
@@ -31,16 +29,11 @@ else
 fi

 # Copy all certificates to HAProxy format
-if [ ! -f "$DB_FILE" ]; then
-    log_error "Database file not found at $DB_FILE"
-    exit 1
-fi
-
 # Ensure SSL certs directory exists
 mkdir -p "$SSL_CERTS_DIR"

 # Get all SSL-enabled domains from database
-DOMAINS=$(sqlite3 "$DB_FILE" "SELECT domain FROM domains WHERE ssl_enabled = 1;" 2>/dev/null)
+DOMAINS=$(find /etc/letsencrypt/live/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n')

 if [ -z "$DOMAINS" ]; then
    log_info "No SSL-enabled domains found"