From 601f4180ae6cfffb14aa2399a927bd15d403f998 Mon Sep 17 00:00:00 2001
From: hex
Date: Tue, 20 May 2025 18:48:28 -0700
Subject: [PATCH] Add better error handling and verbosity to Certbot setup
---
 init-letsencrypt.sh | 61 +++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 59 insertions(+), 2 deletions(-)
diff --git a/init-letsencrypt.sh b/init-letsencrypt.sh
index c347a7c..656c8ef 100755
--- a/init-letsencrypt.sh
+++ b/init-letsencrypt.sh
@@ -134,18 +134,75 @@ fi
 domain_args="-d $domains"
 echo "Requesting certificates for: $domains"
+# First check DNS resolution
+echo "Checking DNS for $domains..."
+host $domains
+if [ $? -ne 0 ]; then
+ echo "WARNING: DNS resolution failed for $domains. This may cause certificate issuance to fail."
+ echo "Make sure your domain is correctly pointed to this server's IP address."
+ read -p "Continue anyway? (y/n): " continue_dns
+ if [[ "$continue_dns" != [Yy]* ]]; then
+ echo "Aborting certificate request."
+ exit 1
+ fi
+fi
+
+# Check if port 80 is publicly accessible
+echo "Checking if port 80 is accessible..."
+nc -z -w 5 $domains 80
+if [ $? -ne 0 ]; then
+ echo "WARNING: Port 80 doesn't seem to be accessible on $domains."
+ echo "Let's Encrypt needs port 80 accessible for domain validation."
+ read -p "Continue anyway? (y/n): " continue_port
+ if [[ "$continue_port" != [Yy]* ]]; then
+ echo "Aborting certificate request."
+ exit 1
+ fi
+fi
+
+# Clean up any existing certificates for this domain first
+echo "Cleaning up any existing certificates..."
+docker-compose run --rm --entrypoint "\
+ rm -rf /etc/letsencrypt/live/$domains && \
+ rm -rf /etc/letsencrypt/archive/$domains && \
+ rm -rf /etc/letsencrypt/renewal/$domains.conf" certbot || true
+
+# Run certbot with verbose output
+echo "Running certbot with verbose output..."
 docker-compose run --rm --entrypoint "\
 certbot certonly --webroot -w /var/www/certbot \
 $staging_arg \
 --email $email \
 --agree-tos \
 --no-eff-email \
- --force-renewal \
+ --verbose \
 $domain_args" certbot
+certbot_exit=$?
+
+# Show logs if there was an error
+if [ $certbot_exit -ne 0 ]; then
+ echo "Certificate issuance failed with exit code: $certbot_exit"
+ echo "Showing certbot logs:"
+ docker-compose run --rm --entrypoint "cat /var/log/letsencrypt/letsencrypt.log" certbot
+
+ echo "
+Troubleshooting tips:"
+ echo "1. Make sure your domain ($domains) points to this server's IP"
+ echo "2. Check if port 80 is open in your firewall"
+ echo "3. If using a cloud provider, ensure port 80 is allowed in security groups"
+ echo "4. Try running in staging mode for testing: STAGING=1 ./init-letsencrypt.sh"
+
+ read -p "Would you like to continue with the deployment anyway? (y/n): " continue_deploy
+ if [[ "$continue_deploy" != [Yy]* ]]; then
+ echo "Aborting deployment."
+ exit 1
+ fi
+fi
+
 # Check if certificates were obtained successfully
 if [ ! -d "./data/certbot/conf/live/$domains" ]; then
- echo "Certificate issuance failed! Check logs above."
+ echo "Certificate directory not found after certbot run."
 exit 1
 fi
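Review bot: The cleanup step builds `rm -rf /etc/letsencrypt/live/$domains` (plus the `archive/` and `renewal/` paths) from an unquoted, unvalidated `$domains`, so an empty value removes every lineage under `live/` and `archive/`, and a value containing spaces is split into extra `rm -rf` targets. `$domains` is assigned outside this hunk, so whether it can be empty or hold several names cannot be confirmed here. Because the wipe runs before issuance and `--force-renewal` was dropped, a failed request now leaves the host with no certificate, and `|| true` hides a failed cleanup. I would fail fast with `: "${domains:?domains must be set}"` and remove a single named lineage through `certbot delete --non-interactive --cert-name "$domains"` instead of `rm -rf`. The same variable is passed unquoted to `host $domains` and `nc -z -w 5 $domains 80`, which should be quoted as well.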