cloud-hosting-platform/haproxy-manager-base
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
76b2e85ca80bd0e2ef37a5b900a8b92ebeac0ae2
haproxy-manager-base/scripts/renew-certificates.sh
jknapp 76b2e85ca8
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 1m0s
Details
Fix certificate renewal cron job and add host-side scheduling 
- Fixed crontab permissions (600) and ownership for proper cron execution
- Added PATH environment variable to crontab to prevent command not found issues
- Created dedicated renewal script with comprehensive logging and error handling
- Added retry logic (3 attempts) for HAProxy reload with socket health checks
- Implemented host-side renewal script for external cron scheduling via docker exec
- Added crontab configuration examples for various renewal schedules
- Updated README with detailed certificate renewal documentation

This resolves issues where the cron job would not run or hang during execution.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-28 17:36:48 -07:00

110 lines
3.2 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# Certificate Renewal Script for HAProxy Manager
# This script handles Let's Encrypt certificate renewal with proper logging and error handling
set -e
# Configuration
LOG_FILE="${LOG_FILE:-/var/log/haproxy-manager.log}"
ERROR_LOG_FILE="${ERROR_LOG_FILE:-/var/log/haproxy-manager-errors.log}"
HAPROXY_SOCKET="${HAPROXY_SOCKET:-/tmp/haproxy-cli}"
MAX_RETRIES=3
RETRY_DELAY=5
# Logging functions
log_info() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [INFO] $*" | tee -a "$LOG_FILE"
}
log_error() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [ERROR] $*" | tee -a "$LOG_FILE" >> "$ERROR_LOG_FILE"
}
log_warning() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [WARNING] $*" | tee -a "$LOG_FILE"
}
# Check if certbot is available
if ! command -v certbot &> /dev/null; then
log_error "certbot command not found"
exit 1
fi
# Check if HAProxy socket exists and is accessible
check_haproxy_socket() {
if [ ! -S "$HAPROXY_SOCKET" ]; then
log_warning "HAProxy socket not found at $HAPROXY_SOCKET"
return 1
fi
# Test socket connectivity
if ! echo "show info" | socat stdio "$HAPROXY_SOCKET" &> /dev/null; then
log_warning "HAProxy socket exists but is not responding"
return 1
fi
return 0
}
# Reload HAProxy configuration
reload_haproxy() {
local retry_count=0
while [ $retry_count -lt $MAX_RETRIES ]; do
if check_haproxy_socket; then
log_info "Reloading HAProxy via socket"
if echo "reload" | socat stdio "$HAPROXY_SOCKET"; then
log_info "HAProxy reloaded successfully"
return 0
else
log_warning "HAProxy reload command failed (attempt $((retry_count + 1))/$MAX_RETRIES)"
fi
else
log_warning "HAProxy socket check failed (attempt $((retry_count + 1))/$MAX_RETRIES)"
fi
retry_count=$((retry_count + 1))
if [ $retry_count -lt $MAX_RETRIES ]; then
sleep $RETRY_DELAY
fi
done
log_error "Failed to reload HAProxy after $MAX_RETRIES attempts"
return 1
}
# Main renewal process
log_info "Starting certificate renewal process"
# Run certbot renewal
if certbot renew --quiet --no-random-sleep-on-renew 2>&1 | tee -a "$LOG_FILE"; then
RENEWAL_EXIT_CODE=${PIPESTATUS[0]}
if [ $RENEWAL_EXIT_CODE -eq 0 ]; then
log_info "Certificate renewal completed successfully"
# Check if any certificates were actually renewed
if grep -q "Cert not yet due for renewal" "$LOG_FILE" 2>/dev/null; then
log_info "No certificates needed renewal at this time"
else
log_info "Certificates were renewed, reloading HAProxy"
if reload_haproxy; then
log_info "Certificate renewal and HAProxy reload completed successfully"
else
log_error "Certificate renewal succeeded but HAProxy reload failed"
exit 1
fi
fi
else
log_error "Certificate renewal failed with exit code $RENEWAL_EXIT_CODE"
exit $RENEWAL_EXIT_CODE
fi
else
log_error "Certificate renewal command failed"
exit 1
fi
log_info "Certificate renewal process completed"
exit 0
Reference in New Issue View Git Blame Copy Permalink