Merge pull request #244 from linuxserver/renew

CHBMB · web-flow · commit 01a706344e4a · 2018-12-09T06:38:42.000Z
remove renewal during container start
diff --git a/README.md b/README.md
@@ -141,6 +141,7 @@ This will *ask* Google et al not to index and list your site. Be careful with th
 
 ## Versions
 
++ **08.12.18:** Had to remove cert renewal during container start due to certbot's new undocumented "feature" of up to 8 minute random delay.
 + **03.12.18:** Fix silly bug resetting the duckdns token.
 + **02.12.18:** Add dns validation support for ovh.
 + **20.11.18:** Externalize reverse proxy confs to separate github repo `linuxserver/reverse-proxy-confs`, update baseimage packages during build
diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config
@@ -228,12 +228,11 @@ if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then
     sleep infinity
   fi
   openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass:
+  sleep 1
   cat {privkey,fullchain}.pem > priv-fullchain-bundle.pem
+  echo "New certificate generated; starting nginx"
 else
-  echo "Certificate exists; parameters unchanged; attempting renewal"
-  chmod +x /app/le-renew.sh
-  sleep 1
-  /app/le-renew.sh
+  echo "Certificate exists; parameters unchanged; starting nginx"
 fi
 
 # logfiles needed by fail2ban
@@ -247,3 +246,4 @@ chown -R abc:abc \
 	/config
 chmod -R 0644 /etc/logrotate.d
 chmod -R +r /config/log
+chmod +x /app/le-renew.sh
