[#1202] Add force renewal option to certbot_new function when the domains changed

This commit adds a new optional parameter, `force`, to the `certbot_new` function in the `certbot-new.py` file. The `force` parameter allows for forcing the renewal of certificates even if they are not due for renewal. This can be useful in certain scenarios where certificate updates are required regardless of their expiration date.
2026-05-24 09:28:37 +00:00 · 2024-05-23 11:25:46 +01:00 · 2024-05-23 11:25:46 +01:00 · 4361199513
commit 4361199513
parent f4b25af7ed
1 changed files with 8 additions and 7 deletions
--- a/src/common/core/letsencrypt/jobs/certbot-new.py
+++ b/src/common/core/letsencrypt/jobs/certbot-new.py
@ -29,7 +29,7 @@ LETS_ENCRYPT_WORK_DIR = join(sep, "var", "lib", "bunkerweb", "letsencrypt")
 LETS_ENCRYPT_LOGS_DIR = join(sep, "var", "log", "bunkerweb")


-def certbot_new(domains: str, email: str, use_letsencrypt_staging: bool = False) -> int:
+def certbot_new(domains: str, email: str, use_letsencrypt_staging: bool = False, *, force: bool = False) -> int:
    process = Popen(
        [
            CERTBOT_BIN,
@ -54,7 +54,8 @@ def certbot_new(domains: str, email: str, use_letsencrypt_staging: bool = False)
            "--agree-tos",
            "--expand",
        ]
-        + (["--staging"] if use_letsencrypt_staging else []),
+        + (["--staging"] if use_letsencrypt_staging else [])
+        + (["--force-renewal"] if force else []),
        stdin=DEVNULL,
        stderr=PIPE,
        universal_newlines=True,
@ -96,7 +97,7 @@ try:
    # Restore Let's Encrypt data from db cache
    JOB.restore_cache(job_name="certbot-renew")

-    domains_to_ask = []
+    domains_to_ask = {}
    # Multisite case
    if is_multisite:
        domains_server_names = {}
@ -133,18 +134,18 @@ try:

    if proc.returncode != 0:
        LOGGER.error(f"Error while checking certificates :\n{proc.stdout}")
-        domains_to_ask = server_names
+        domains_to_ask = {domain: True for domain in server_names}
    else:
        for first_server, domains in domains_server_names.items():
            generated_domains.update(domains.split(" "))

            current_domains = search(rf"Domains: {first_server}(?P<domains>.*)$", stdout, MULTILINE)
            if not current_domains:
-                domains_to_ask.append(first_server)
+                domains_to_ask[first_server] = False
                continue
            elif set(f"{first_server}{current_domains.groupdict()['domains']}".strip().split(" ")) != set(domains.split(" ")):
                LOGGER.warning(f"Domains for {first_server} are not the same as in the certificate, asking new certificate...")
-                domains_to_ask.append(first_server)
+                domains_to_ask[first_server] = True
                continue
            LOGGER.info(f"Certificates already exists for domain(s) {domains}")

@ -159,7 +160,7 @@ try:
        use_letsencrypt_staging = getenv(f"{first_server}_USE_LETS_ENCRYPT_STAGING", getenv("USE_LETS_ENCRYPT_STAGING", "no")) == "yes"

        LOGGER.info(f"Asking certificates for domain(s) : {domains} (email = {real_email}) to Let's Encrypt {'staging ' if use_letsencrypt_staging else ''}...")
-        if certbot_new(domains.replace(" ", ","), real_email, use_letsencrypt_staging) != 0:
+        if certbot_new(domains.replace(" ", ","), real_email, use_letsencrypt_staging, force=domains_to_ask[first_server]) != 0:
            status = 2
            LOGGER.error(f"Certificate generation failed for domain(s) {domains} ...")
            continue