fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
135 lines
4.7 KiB
Bash
Executable File
135 lines
4.7 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# Retry certbot certificate requests with proper DNS propagation time
|
|
# Fixes the "NXDOMAIN" error by using longer propagation wait
|
|
|
|
set -euo pipefail
|
|
|
|
# Load IP configuration
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
|
|
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true
|
|
|
|
|
|
# Colors
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
BLUE='\033[0;34m'
|
|
NC='\033[0m'
|
|
|
|
log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
|
|
log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
|
|
log_warn() { echo -e "${YELLOW}[⚠]${NC} $1"; }
|
|
log_error() { echo -e "${RED}[✗]${NC} $1"; }
|
|
|
|
PROXMOX_HOST="${1:-192.168.11.11}"
|
|
CONTAINER_ID="${2:-10233}"
|
|
EMAIL="${3:-nsatoshi2007@hotmail.com}"
|
|
PROPAGATION_SECONDS="${4:-120}"
|
|
|
|
echo ""
|
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
echo "🔒 Retrying Certbot with Proper DNS Propagation"
|
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
echo ""
|
|
|
|
# Domains that failed (from error message)
|
|
DOMAINS=(
|
|
"sankofa.nexus"
|
|
"www.sankofa.nexus"
|
|
"phoenix.sankofa.nexus"
|
|
"www.phoenix.sankofa.nexus"
|
|
"the-order.sankofa.nexus"
|
|
)
|
|
|
|
log_info "Container: $CONTAINER_ID"
|
|
log_info "Propagation wait: ${PROPAGATION_SECONDS} seconds"
|
|
log_info "Email: $EMAIL"
|
|
echo ""
|
|
|
|
# Verify credentials exist
|
|
log_info "Verifying Cloudflare credentials..."
|
|
CREDS_EXIST=$(ssh root@"$PROXMOX_HOST" \
|
|
"pct exec $CONTAINER_ID -- test -f /etc/cloudflare/credentials.ini && echo 'yes' || echo 'no'")
|
|
|
|
if [ "$CREDS_EXIST" != "yes" ]; then
|
|
log_error "Cloudflare credentials not found!"
|
|
log_info "Run: bash scripts/fix-certbot-dns-propagation.sh $PROXMOX_HOST $CONTAINER_ID"
|
|
exit 1
|
|
fi
|
|
log_success "Credentials file exists"
|
|
|
|
# Request certificates with proper propagation time
|
|
log_info "Requesting certificates with ${PROPAGATION_SECONDS}s propagation time..."
|
|
echo ""
|
|
|
|
success_count=${success_count:-0}
|
|
fail_count=${fail_count:-0}
|
|
|
|
# Group domains by base domain for certificate requests
|
|
declare -A DOMAIN_GROUPS
|
|
DOMAIN_GROUPS["sankofa.nexus"]="sankofa.nexus www.sankofa.nexus"
|
|
DOMAIN_GROUPS["phoenix.sankofa.nexus"]="phoenix.sankofa.nexus www.phoenix.sankofa.nexus"
|
|
DOMAIN_GROUPS["the-order.sankofa.nexus"]="the-order.sankofa.nexus"
|
|
|
|
for group_name in "${!DOMAIN_GROUPS[@]}"; do
|
|
domain_list="${DOMAIN_GROUPS[$group_name]}"
|
|
|
|
log_info "Requesting certificate for: $domain_list"
|
|
|
|
# Build certbot command
|
|
CERTBOT_CMD="certbot certonly --dns-cloudflare \
|
|
--dns-cloudflare-credentials /etc/cloudflare/credentials.ini \
|
|
--dns-cloudflare-propagation-seconds $PROPAGATION_SECONDS \
|
|
--non-interactive \
|
|
--agree-tos \
|
|
--email $EMAIL"
|
|
|
|
# Add domains
|
|
for domain in $domain_list; do
|
|
CERTBOT_CMD="$CERTBOT_CMD -d $domain"
|
|
done
|
|
|
|
log_info " Running certbot (this may take 2-3 minutes)..."
|
|
|
|
# Run certbot
|
|
result=$(ssh root@"$PROXMOX_HOST" \
|
|
"pct exec $CONTAINER_ID -- bash -c '$CERTBOT_CMD 2>&1'" || echo "FAILED")
|
|
|
|
set +e
|
|
if echo "$result" | grep -q "Congratulations\|Successfully received certificate"; then
|
|
log_success " ✓ Certificate obtained: $group_name"
|
|
success_count=$((success_count + 1))
|
|
elif echo "$result" | grep -q "already exists\|Certificate not yet due for renewal"; then
|
|
log_warn " ⚠ Certificate already exists: $group_name"
|
|
success_count=$((success_count + 1))
|
|
else
|
|
log_error " ✗ Failed: $group_name"
|
|
echo "$result" | grep -i "error\|failed\|NXDOMAIN" | head -5
|
|
fail_count=$((fail_count + 1))
|
|
fi
|
|
set -e
|
|
|
|
echo ""
|
|
sleep 2 # Small delay between requests
|
|
done
|
|
|
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
log_info "Summary:"
|
|
log_success " Successful: $success_count"
|
|
if [ $fail_count -gt 0 ]; then
|
|
log_error " Failed: $fail_count"
|
|
fi
|
|
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
|
echo ""
|
|
|
|
if [ $fail_count -eq 0 ]; then
|
|
log_success "✅ All certificates obtained successfully!"
|
|
else
|
|
log_warn "⚠️ Some certificates failed. You may need to:"
|
|
log_info " 1. Wait a few minutes for DNS to fully propagate"
|
|
log_info " 2. Increase propagation time: --dns-cloudflare-propagation-seconds 180"
|
|
log_info " 3. Check DNS records exist in Cloudflare"
|
|
exit 1
|
|
fi
|