author | elijah <elijah@riseup.net> | 2017-05-26 16:41:51 -0700 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2017-05-30 17:21:52 -0400 |
commit | 1e463c6638a05a237d660f458f5a147353be3fc1 (patch) | |
tree | 66eb49ffa0c44882d8a380795bbaa36003907911 /lib | |
parent | 2533f6f978bd3f0ee8187ee8827eb94b7e696377 (diff) |
static - support for renewing certs with let's encrypt for static sites
Diffstat (limited to 'lib')
-rw-r--r-- | lib/leap_cli/commands/cert.rb | 54 |
1 files changed, 32 insertions, 22 deletions
diff --git a/lib/leap_cli/commands/cert.rb b/lib/leap_cli/commands/cert.rb
index 1c67ae67..81f45eb5 100644
--- a/lib/leap_cli/commands/cert.rb
+++ b/lib/leap_cli/commands/cert.rb
@@ -337,31 +337,41 @@ module LeapCli; module Commands
 # This method will bail if any checks fail.
 #
 def domain_ready_for_acme!(domain)
- begin
- uri = URI("https://#{domain}/.well-known/acme-challenge/ok")
- options = {
- use_ssl: true,
- open_timeout: 5,
- verify_mode: OpenSSL::SSL::VERIFY_NONE
- }
- Net::HTTP.start(uri.host, uri.port, options) do |http|
- http.request(Net::HTTP::Get.new(uri)) do |response|
- if !response.is_a?(Net::HTTPSuccess)
- bail!(:error, "Could not GET %s" % uri) do
- log "%s %s" % [response.code, response.message]
- log "You may need to run `leap deploy`"
- end
+ uri = URI("https://#{domain}/.well-known/acme-challenge/ok")
+ options = {
+ use_ssl: true,
+ open_timeout: 5,
+ verify_mode: OpenSSL::SSL::VERIFY_NONE
+ }
+ http_get(uri, options)
+ end
+
+ private
+
+ def http_get(uri, options, limit = 10)
+ raise ArgumentError, "HTTP redirect too deep (#{uri})" if limit == 0
+ Net::HTTP.start(uri.host, uri.port, options) do |http|
+ http.request(Net::HTTP::Get.new(uri)) do |response|
+ case response
+ when Net::HTTPSuccess then
+ return response
+ when Net::HTTPRedirection then
+ return http_get(URI(response['location']), options, limit - 1)
+ else
+ bail!(:error, "Could not GET %s" % uri) do
+ log "%s %s" % [response.code, response.message]
+ log "You may need to run `leap deploy`"
 end
 end
 end
- rescue Errno::ETIMEDOUT, Net::OpenTimeout
- bail! :error, "Connection attempt timed out: %s" % uri
- rescue Interrupt
- bail!
- rescue StandardError => exc
- bail!(:error, "Could not GET %s" % uri) do
- log exc.to_s
- end
+ end
+ rescue Errno::ETIMEDOUT, Net::OpenTimeout
+ bail! :error, "Connection attempt timed out: %s" % uri
+ rescue Interrupt
+ bail!
+ rescue StandardError => exc
+ bail!(:error, "Could not GET %s" % uri) do
+ log exc.to_s
 end
 end
|
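Review bot: In `http_get`, the `Net::HTTPRedirection` branch passes `options` through unchanged, so a `Location` that points at an `http://` URL is still opened with `use_ssl: true`, and whatever host the server names is contacted with `verify_mode: OpenSSL::SSL::VERIFY_NONE`. `URI(response['location'])` also does not resolve a relative `Location` against the current `uri`, which would leave `uri.host` nil on the next call. I would resolve and constrain the target before recursing: `target = uri.merge(response['location'])`, bail unless `%w[http https].include?(target.scheme)`, then `return http_get(target, options.merge(use_ssl: target.scheme == 'https'), limit - 1)`. A comment next to `verify_mode` should say why verification is off for this pre-issuance probe, since the setting now applies to redirect targets as well. The bare `private` changes visibility for every method defined after it in `Commands`; the rest of the module is outside the hunk, so confirm that is intended.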