fix: Fixes LE script on existing cert. (#12223)

* fix: Fixes LE script on existing cert. Updates jaas shown message. * squash: Make sure .well-known folder exists. * squash: Fix LE when running apt commands with sudo. Forces acme.sh to work when it detects sudo. * squash: Change jaas message on install. * squash: Uses issue return code to check for existing cert.
2022-09-22 10:08:32 -04:00 · 2022-09-22 10:08:32 -04:00 · d61d47fae3
parent 2cb9596536
commit d61d47fae3
4 changed files with 23 additions and 16 deletions
--- a/debian/jitsi-meet-web-config.postinst
+++ b/debian/jitsi-meet-web-config.postinst
@ -227,8 +227,9 @@ case "$1" in
        if [[ "$ISSUE_LE_CERT" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then
            /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL $JVB_HOSTNAME || true
        fi
+        JAAS_REG_ERROR=0
        if [[ "${JAAS_INPUT}" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then
-            /usr/share/jitsi-meet/scripts/register-jaas-account.sh $EMAIL $JVB_HOSTNAME || true
+            /usr/share/jitsi-meet/scripts/register-jaas-account.sh $EMAIL $JVB_HOSTNAME || JAAS_REG_ERROR=$?
        fi

        echo ""
@ -239,16 +240,16 @@ case "$1" in
        echo "    .xMMMMNxkNc"
        echo "     dMMMMMkxXc"
        echo "     cNMMMNl.."
-        if [ "${JAAS_INPUT}" != "true" ]; then
+        if [ "${JAAS_INPUT}" != "true" ] || [ ${JAAS_REG_ERROR} -ne 0 ]; then
            echo "     .kMMMX;             Interested in adding telephony to your Jitsi meetings?"
            echo "      ;XMMMO'"
            echo "       lNMMWO'           Sign up on https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
            echo "        lNMMM0,                        and follow the guide in the dev console."
        else
            echo "     .kMMMX;"
-            echo "      ;XMMMO'            Don't forget to sign up on"
-            echo "       lNMMWO'             https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
-            echo "        lNMMM0,              in order to add telephony to your Jitsi meetings!"
+            echo "      ;XMMMO'            Congratulations! Now you can use telephony in your Jitsi meetings!"
+            echo "       lNMMWO'             We have created a free JaaS (Jitsi as a Service) account for you. "
+            echo "        lNMMM0,              You can login to https://jaas.8x8.vc/components to check our developer console and your account details."
        fi
        echo "         lXMMMK:."
        echo "          ;KMMMNKd.  'oo,"
--- a/debian/jitsi-meet-web-config.templates
+++ b/debian/jitsi-meet-web-config.templates
@ -37,10 +37,8 @@ _Description: Hostname:
 Template: jitsi-meet/jaas-choice
 Type: boolean
 _Description: Interested in adding telephony to your Jitsi meetings?
- You can easily add dialing in support to your meetings using JaaS (Jitsi as a Service).
- You need to:
-  - have a certificate signed by a recognised CA or Let’s Encrypt on your deployment
-  - sign in for JaaS at https://jaas.8x8.vc/components?host=${domain}
+ You can easily add dialing in support to your meetings. You need to give us the permission to create a free JaaS (Jitsi as a Service) account for you.
+ Also, you need to have a certificate signed by a recognised CA or Let's Encrypt on your deployment.

 Template: jitsi-meet/email
 Type: string
--- a/resources/install-letsencrypt-cert.sh
+++ b/resources/install-letsencrypt-cert.sh
@ -52,14 +52,20 @@ fi

 RELOAD_CMD+=" && /usr/share/jitsi-meet/scripts/coturn-le-update.sh ${DOMAIN}"

-ISSUE_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh --issue -d ${DOMAIN} -w /usr/share/jitsi-meet --server letsencrypt"
-eval "${ISSUE_CERT_CMD}" || ISSUE_FAILED="true"
+ISSUE_FAILED_CODE=0
+ISSUE_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh -f --issue -d ${DOMAIN} -w /usr/share/jitsi-meet --server letsencrypt"
+eval "${ISSUE_CERT_CMD}" || ISSUE_FAILED_CODE=$?

-INSTALL_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh --install-cert -d ${DOMAIN} --key-file /etc/jitsi/meet/${DOMAIN}.key --fullchain-file /etc/jitsi/meet/${DOMAIN}.crt --reloadcmd \"${RELOAD_CMD}\""
-if [ "$ISSUE_FAILED" = "true" ] ; then
-    echo "Issuing the certificate from Let's Encrypt failed, continuing ..."
-    echo "You can retry later by executing:"
-    echo "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL"
+INSTALL_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh -f --install-cert -d ${DOMAIN} --key-file /etc/jitsi/meet/${DOMAIN}.key --fullchain-file /etc/jitsi/meet/${DOMAIN}.crt --reloadcmd \"${RELOAD_CMD}\""
+if [ ${ISSUE_FAILED_CODE} -ne 0 ] ; then
+    # it maybe this certificate already exists (code 2 - skip, no need to renew)
+    if [ ${ISSUE_FAILED_CODE} -eq 2 ]; then
+        eval "$INSTALL_CERT_CMD"
+    else
+        echo "Issuing the certificate from Let's Encrypt failed, continuing ..."
+        echo "You can retry later by executing:"
+        echo "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL"
+    fi
 else
    eval "$INSTALL_CERT_CMD"
 fi
--- a/resources/register-jaas-account.sh
+++ b/resources/register-jaas-account.sh
@ -22,6 +22,8 @@ if [ ${create_error} -ne 0 ]; then
    exit 2
 fi

+# make sure .well-known exists
+mkdir -p "$(dirname "$CHALLENGE_FILE")"
 # Creating the challenge file
 echo "${create_data}" | jq -r .challenge > ${CHALLENGE_FILE}