fix: Fixes LE script on existing cert. (#12223)

* fix: Fixes LE script on existing cert.

Updates jaas shown message.

* squash: Make sure .well-known folder exists.

* squash: Fix LE when running apt commands with sudo.

Forces acme.sh to work when it detects sudo.

* squash: Change jaas message on install.

* squash: Uses issue return code to check for existing cert.
This commit is contained in:
Дамян Минков 2022-09-22 10:08:32 -04:00 committed by GitHub
parent 2cb9596536
commit d61d47fae3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 23 additions and 16 deletions

View File

@ -227,8 +227,9 @@ case "$1" in
if [[ "$ISSUE_LE_CERT" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL $JVB_HOSTNAME || true
fi
JAAS_REG_ERROR=0
if [[ "${JAAS_INPUT}" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then
/usr/share/jitsi-meet/scripts/register-jaas-account.sh $EMAIL $JVB_HOSTNAME || true
/usr/share/jitsi-meet/scripts/register-jaas-account.sh $EMAIL $JVB_HOSTNAME || JAAS_REG_ERROR=$?
fi
echo ""
@ -239,16 +240,16 @@ case "$1" in
echo " .xMMMMNxkNc"
echo " dMMMMMkxXc"
echo " cNMMMNl.."
if [ "${JAAS_INPUT}" != "true" ]; then
if [ "${JAAS_INPUT}" != "true" ] || [ ${JAAS_REG_ERROR} -ne 0 ]; then
echo " .kMMMX; Interested in adding telephony to your Jitsi meetings?"
echo " ;XMMMO'"
echo " lNMMWO' Sign up on https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
echo " lNMMM0, and follow the guide in the dev console."
else
echo " .kMMMX;"
echo " ;XMMMO' Don't forget to sign up on"
echo " lNMMWO' https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
echo " lNMMM0, in order to add telephony to your Jitsi meetings!"
echo " ;XMMMO' Congratulations! Now you can use telephony in your Jitsi meetings!"
echo " lNMMWO' We have created a free JaaS (Jitsi as a Service) account for you. "
echo " lNMMM0, You can login to https://jaas.8x8.vc/components to check our developer console and your account details."
fi
echo " lXMMMK:."
echo " ;KMMMNKd. 'oo,"

View File

@ -37,10 +37,8 @@ _Description: Hostname:
Template: jitsi-meet/jaas-choice
Type: boolean
_Description: Interested in adding telephony to your Jitsi meetings?
You can easily add dialing in support to your meetings using JaaS (Jitsi as a Service).
You need to:
- have a certificate signed by a recognised CA or Lets Encrypt on your deployment
- sign in for JaaS at https://jaas.8x8.vc/components?host=${domain}
You can easily add dialing in support to your meetings. You need to give us the permission to create a free JaaS (Jitsi as a Service) account for you.
Also, you need to have a certificate signed by a recognised CA or Let's Encrypt on your deployment.
Template: jitsi-meet/email
Type: string

View File

@ -52,14 +52,20 @@ fi
RELOAD_CMD+=" && /usr/share/jitsi-meet/scripts/coturn-le-update.sh ${DOMAIN}"
ISSUE_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh --issue -d ${DOMAIN} -w /usr/share/jitsi-meet --server letsencrypt"
eval "${ISSUE_CERT_CMD}" || ISSUE_FAILED="true"
ISSUE_FAILED_CODE=0
ISSUE_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh -f --issue -d ${DOMAIN} -w /usr/share/jitsi-meet --server letsencrypt"
eval "${ISSUE_CERT_CMD}" || ISSUE_FAILED_CODE=$?
INSTALL_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh --install-cert -d ${DOMAIN} --key-file /etc/jitsi/meet/${DOMAIN}.key --fullchain-file /etc/jitsi/meet/${DOMAIN}.crt --reloadcmd \"${RELOAD_CMD}\""
if [ "$ISSUE_FAILED" = "true" ] ; then
echo "Issuing the certificate from Let's Encrypt failed, continuing ..."
echo "You can retry later by executing:"
echo "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL"
INSTALL_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh -f --install-cert -d ${DOMAIN} --key-file /etc/jitsi/meet/${DOMAIN}.key --fullchain-file /etc/jitsi/meet/${DOMAIN}.crt --reloadcmd \"${RELOAD_CMD}\""
if [ ${ISSUE_FAILED_CODE} -ne 0 ] ; then
# it maybe this certificate already exists (code 2 - skip, no need to renew)
if [ ${ISSUE_FAILED_CODE} -eq 2 ]; then
eval "$INSTALL_CERT_CMD"
else
echo "Issuing the certificate from Let's Encrypt failed, continuing ..."
echo "You can retry later by executing:"
echo "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL"
fi
else
eval "$INSTALL_CERT_CMD"
fi

View File

@ -22,6 +22,8 @@ if [ ${create_error} -ne 0 ]; then
exit 2
fi
# make sure .well-known exists
mkdir -p "$(dirname "$CHALLENGE_FILE")"
# Creating the challenge file
echo "${create_data}" | jq -r .challenge > ${CHALLENGE_FILE}