summaryrefslogtreecommitdiff
path: root/lib/leap_cli/commands/ca.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/leap_cli/commands/ca.rb')
-rw-r--r--lib/leap_cli/commands/ca.rb27
1 files changed, 24 insertions, 3 deletions
diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index d9ffa6a4..3c5fc7d5 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -225,12 +225,25 @@ module LeapCli; module Commands
end
end
+ def assert_no_errors!(msg)
+ yield
+ rescue StandardError => exc
+ bail! :error, msg do
+ log exc.to_s
+ end
+ end
+
def do_renew_cert(global, options, args)
require 'leap_cli/acme'
require 'leap_cli/ssh'
require 'socket'
require 'net/http'
+ csr = nil
+ account_key = nil
+ cert = nil
+ acme = nil
+
#
# sanity check the domain
#
@@ -243,10 +256,14 @@ module LeapCli; module Commands
#
assert_files_exist!([:commercial_key, domain], [:commercial_csr, domain],
:msg => 'Please create the CSR first with `leap cert csr %s`' % domain)
- csr = Acme.load_csr(read_file!([:commercial_csr, domain]))
+ assert_no_errors!("Could not load #{path([:commercial_csr, domain])}") do
+ csr = Acme.load_csr(read_file!([:commercial_csr, domain]))
+ end
assert_files_exist!(:acme_key,
:msg => "Please run `leap cert register` first. This only needs to be done once.")
- account_key = Acme.load_private_key(read_file!(:acme_key))
+ assert_no_errors!("Could not load #{path(:acme_key)}") do
+ account_key = Acme.load_private_key(read_file!(:acme_key))
+ end
#
# check authorization for this domain
@@ -272,8 +289,12 @@ module LeapCli; module Commands
end
log :fetching, "new certificate from letsencrypt.org"
- cert = acme.get_certificate(csr)
+ assert_no_errors!("could not renew certificate") do
+ cert = acme.get_certificate(csr)
+ end
+ log 'success', color: :green, style: :bold
write_file!([:commercial_cert, domain], cert.fullchain_to_pem)
+ log 'You should now run `leap deploy` to deploy the new certificate.'
end
#