fix: Fixes LE script on existing cert. (#12223)
* fix: Fixes LE script on existing cert. Updates jaas shown message. * squash: Make sure .well-known folder exists. * squash: Fix LE when running apt commands with sudo. Forces acme.sh to work when it detects sudo. * squash: Change jaas message on install. * squash: Uses issue return code to check for existing cert.
This commit is contained in:
parent
2cb9596536
commit
d61d47fae3
|
@ -227,8 +227,9 @@ case "$1" in
|
||||||
if [[ "$ISSUE_LE_CERT" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then
|
if [[ "$ISSUE_LE_CERT" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then
|
||||||
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL $JVB_HOSTNAME || true
|
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL $JVB_HOSTNAME || true
|
||||||
fi
|
fi
|
||||||
|
JAAS_REG_ERROR=0
|
||||||
if [[ "${JAAS_INPUT}" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then
|
if [[ "${JAAS_INPUT}" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then
|
||||||
/usr/share/jitsi-meet/scripts/register-jaas-account.sh $EMAIL $JVB_HOSTNAME || true
|
/usr/share/jitsi-meet/scripts/register-jaas-account.sh $EMAIL $JVB_HOSTNAME || JAAS_REG_ERROR=$?
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
|
@ -239,16 +240,16 @@ case "$1" in
|
||||||
echo " .xMMMMNxkNc"
|
echo " .xMMMMNxkNc"
|
||||||
echo " dMMMMMkxXc"
|
echo " dMMMMMkxXc"
|
||||||
echo " cNMMMNl.."
|
echo " cNMMMNl.."
|
||||||
if [ "${JAAS_INPUT}" != "true" ]; then
|
if [ "${JAAS_INPUT}" != "true" ] || [ ${JAAS_REG_ERROR} -ne 0 ]; then
|
||||||
echo " .kMMMX; Interested in adding telephony to your Jitsi meetings?"
|
echo " .kMMMX; Interested in adding telephony to your Jitsi meetings?"
|
||||||
echo " ;XMMMO'"
|
echo " ;XMMMO'"
|
||||||
echo " lNMMWO' Sign up on https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
|
echo " lNMMWO' Sign up on https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
|
||||||
echo " lNMMM0, and follow the guide in the dev console."
|
echo " lNMMM0, and follow the guide in the dev console."
|
||||||
else
|
else
|
||||||
echo " .kMMMX;"
|
echo " .kMMMX;"
|
||||||
echo " ;XMMMO' Don't forget to sign up on"
|
echo " ;XMMMO' Congratulations! Now you can use telephony in your Jitsi meetings!"
|
||||||
echo " lNMMWO' https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
|
echo " lNMMWO' We have created a free JaaS (Jitsi as a Service) account for you. "
|
||||||
echo " lNMMM0, in order to add telephony to your Jitsi meetings!"
|
echo " lNMMM0, You can login to https://jaas.8x8.vc/components to check our developer console and your account details."
|
||||||
fi
|
fi
|
||||||
echo " lXMMMK:."
|
echo " lXMMMK:."
|
||||||
echo " ;KMMMNKd. 'oo,"
|
echo " ;KMMMNKd. 'oo,"
|
||||||
|
|
|
@ -37,10 +37,8 @@ _Description: Hostname:
|
||||||
Template: jitsi-meet/jaas-choice
|
Template: jitsi-meet/jaas-choice
|
||||||
Type: boolean
|
Type: boolean
|
||||||
_Description: Interested in adding telephony to your Jitsi meetings?
|
_Description: Interested in adding telephony to your Jitsi meetings?
|
||||||
You can easily add dialing in support to your meetings using JaaS (Jitsi as a Service).
|
You can easily add dialing in support to your meetings. You need to give us the permission to create a free JaaS (Jitsi as a Service) account for you.
|
||||||
You need to:
|
Also, you need to have a certificate signed by a recognised CA or Let's Encrypt on your deployment.
|
||||||
- have a certificate signed by a recognised CA or Let’s Encrypt on your deployment
|
|
||||||
- sign in for JaaS at https://jaas.8x8.vc/components?host=${domain}
|
|
||||||
|
|
||||||
Template: jitsi-meet/email
|
Template: jitsi-meet/email
|
||||||
Type: string
|
Type: string
|
||||||
|
|
|
@ -52,14 +52,20 @@ fi
|
||||||
|
|
||||||
RELOAD_CMD+=" && /usr/share/jitsi-meet/scripts/coturn-le-update.sh ${DOMAIN}"
|
RELOAD_CMD+=" && /usr/share/jitsi-meet/scripts/coturn-le-update.sh ${DOMAIN}"
|
||||||
|
|
||||||
ISSUE_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh --issue -d ${DOMAIN} -w /usr/share/jitsi-meet --server letsencrypt"
|
ISSUE_FAILED_CODE=0
|
||||||
eval "${ISSUE_CERT_CMD}" || ISSUE_FAILED="true"
|
ISSUE_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh -f --issue -d ${DOMAIN} -w /usr/share/jitsi-meet --server letsencrypt"
|
||||||
|
eval "${ISSUE_CERT_CMD}" || ISSUE_FAILED_CODE=$?
|
||||||
|
|
||||||
INSTALL_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh --install-cert -d ${DOMAIN} --key-file /etc/jitsi/meet/${DOMAIN}.key --fullchain-file /etc/jitsi/meet/${DOMAIN}.crt --reloadcmd \"${RELOAD_CMD}\""
|
INSTALL_CERT_CMD="/opt/acmesh/.acme.sh/acme.sh -f --install-cert -d ${DOMAIN} --key-file /etc/jitsi/meet/${DOMAIN}.key --fullchain-file /etc/jitsi/meet/${DOMAIN}.crt --reloadcmd \"${RELOAD_CMD}\""
|
||||||
if [ "$ISSUE_FAILED" = "true" ] ; then
|
if [ ${ISSUE_FAILED_CODE} -ne 0 ] ; then
|
||||||
|
# it maybe this certificate already exists (code 2 - skip, no need to renew)
|
||||||
|
if [ ${ISSUE_FAILED_CODE} -eq 2 ]; then
|
||||||
|
eval "$INSTALL_CERT_CMD"
|
||||||
|
else
|
||||||
echo "Issuing the certificate from Let's Encrypt failed, continuing ..."
|
echo "Issuing the certificate from Let's Encrypt failed, continuing ..."
|
||||||
echo "You can retry later by executing:"
|
echo "You can retry later by executing:"
|
||||||
echo "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL"
|
echo "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
eval "$INSTALL_CERT_CMD"
|
eval "$INSTALL_CERT_CMD"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -22,6 +22,8 @@ if [ ${create_error} -ne 0 ]; then
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# make sure .well-known exists
|
||||||
|
mkdir -p "$(dirname "$CHALLENGE_FILE")"
|
||||||
# Creating the challenge file
|
# Creating the challenge file
|
||||||
echo "${create_data}" | jq -r .challenge > ${CHALLENGE_FILE}
|
echo "${create_data}" | jq -r .challenge > ${CHALLENGE_FILE}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue