Add better error handling and verbosity to Certbot setup
@@ -134,18 +134,75 @@ fi
|
|||||||
domain_args="-d $domains"
|
domain_args="-d $domains"
|
||||||
echo "Requesting certificates for: $domains"
|
echo "Requesting certificates for: $domains"
|
||||||
|
|
||||||
|
# First check DNS resolution
|
||||||
|
echo "Checking DNS for $domains..."
|
||||||
|
host $domains
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "WARNING: DNS resolution failed for $domains. This may cause certificate issuance to fail."
|
||||||
|
echo "Make sure your domain is correctly pointed to this server's IP address."
|
||||||
|
read -p "Continue anyway? (y/n): " continue_dns
|
||||||
|
if [[ "$continue_dns" != [Yy]* ]]; then
|
||||||
|
echo "Aborting certificate request."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if port 80 is publicly accessible
|
||||||
|
echo "Checking if port 80 is accessible..."
|
||||||
|
nc -z -w 5 $domains 80
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "WARNING: Port 80 doesn't seem to be accessible on $domains."
|
||||||
|
echo "Let's Encrypt needs port 80 accessible for domain validation."
|
||||||
|
read -p "Continue anyway? (y/n): " continue_port
|
||||||
|
if [[ "$continue_port" != [Yy]* ]]; then
|
||||||
|
echo "Aborting certificate request."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Clean up any existing certificates for this domain first
|
||||||
|
echo "Cleaning up any existing certificates..."
|
||||||
|
docker-compose run --rm --entrypoint "\
|
||||||
|
rm -rf /etc/letsencrypt/live/$domains && \
|
||||||
|
rm -rf /etc/letsencrypt/archive/$domains && \
|
||||||
|
rm -rf /etc/letsencrypt/renewal/$domains.conf" certbot || true
|
||||||
|
|
||||||
|
# Run certbot with verbose output
|
||||||
|
echo "Running certbot with verbose output..."
|
||||||
docker-compose run --rm --entrypoint "\
|
docker-compose run --rm --entrypoint "\
|
||||||
certbot certonly --webroot -w /var/www/certbot \
|
certbot certonly --webroot -w /var/www/certbot \
|
||||||
$staging_arg \
|
$staging_arg \
|
||||||
--email $email \
|
--email $email \
|
||||||
--agree-tos \
|
--agree-tos \
|
||||||
--no-eff-email \
|
--no-eff-email \
|
||||||
--force-renewal \
|
--verbose \
|
||||||
$domain_args" certbot
|
$domain_args" certbot
|
||||||
|
|
||||||
|
certbot_exit=$?
|
||||||
|
|
||||||
|
# Show logs if there was an error
|
||||||
|
if [ $certbot_exit -ne 0 ]; then
|
||||||
|
echo "Certificate issuance failed with exit code: $certbot_exit"
|
||||||
|
echo "Showing certbot logs:"
|
||||||
|
docker-compose run --rm --entrypoint "cat /var/log/letsencrypt/letsencrypt.log" certbot
|
||||||
|
|
||||||
|
echo "
|
||||||
|
Troubleshooting tips:"
|
||||||
|
echo "1. Make sure your domain ($domains) points to this server's IP"
|
||||||
|
echo "2. Check if port 80 is open in your firewall"
|
||||||
|
echo "3. If using a cloud provider, ensure port 80 is allowed in security groups"
|
||||||
|
echo "4. Try running in staging mode for testing: STAGING=1 ./init-letsencrypt.sh"
|
||||||
|
|
||||||
|
read -p "Would you like to continue with the deployment anyway? (y/n): " continue_deploy
|
||||||
|
if [[ "$continue_deploy" != [Yy]* ]]; then
|
||||||
|
echo "Aborting deployment."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# Check if certificates were obtained successfully
|
# Check if certificates were obtained successfully
|
||||||
if [ ! -d "./data/certbot/conf/live/$domains" ]; then
|
if [ ! -d "./data/certbot/conf/live/$domains" ]; then
|
||||||
echo "Certificate issuance failed! Check logs above."
|
echo "Certificate directory not found after certbot run."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
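Review bot: The cleanup step interpolates `$domains` unguarded into the `rm -rf /etc/letsencrypt/live/$domains && …` entrypoint string, so an empty or unset `domains` turns the three paths into `/etc/letsencrypt/live/`, `/etc/letsencrypt/archive/` and `/etc/letsencrypt/renewal/.conf` and the first two wipe every certificate in the volume; guard each path with `${domains:?domains must be set}` so the host shell aborts before docker-compose is invoked, e.g. `rm -rf /etc/letsencrypt/live/${domains:?domains must be set} && \`. The same unquoted `$domains` is handed to `host $domains` and `nc -z -w 5 $domains 80`, which only does what the messages claim if the variable holds exactly one name; `"$domains"` makes that assumption explicit. The `continue_deploy` prompt after a failed certbot run is immediately followed by the `[ ! -d "./data/certbot/conf/live/$domains" ]` check, which exits 1 anyway because the cleanup step has already removed that directory, so answering "y" cannot actually continue — either drop the prompt or skip the directory check when the user chose to continue. Whether `certbot_exit=$?` is reached at all depends on whether the script enables `set -e` earlier, which is outside the hunk; if it does, the docker-compose line needs `|| certbot_exit=$?` instead.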